summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-02-28 12:57:32 +0000
committerGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-02-28 12:57:32 +0000
commite6b8cf0afee6aa9cfdef7566f27443c6634532d9 (patch)
treec92640a98c4059662487dc7942b1e633d70e5f4a
parent686343e375d2c81e62e56b56bac5980d0032b863 (diff)
downloadgitlab-ce-e6b8cf0afee6aa9cfdef7566f27443c6634532d9.tar.gz
Update CHANGELOG.md for 11.6.10
[ci skip]
Diffstat
-rw-r--r--CHANGELOG.md27
-rw-r--r--changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml6
-rw-r--r--changelogs/unreleased/51971-milestones-visibility.yml5
-rw-r--r--changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml5
-rw-r--r--changelogs/unreleased/57534_filter_impersonated_sessions.yml6
-rw-r--r--changelogs/unreleased/security-2774-milestones-detail.yml5
-rw-r--r--changelogs/unreleased/security-2797-milestone-mrs.yml5
-rw-r--r--changelogs/unreleased/security-2798-fix-boards-policy.yml5
-rw-r--r--changelogs/unreleased/security-2799-emails.yml5
-rw-r--r--changelogs/unreleased/security-50334.yml5
-rw-r--r--changelogs/unreleased/security-55468-check-validity-before-querying.yml5
-rw-r--r--changelogs/unreleased/security-56348.yml5
-rw-r--r--changelogs/unreleased/security-commit-private-related-mr.yml5
-rw-r--r--changelogs/unreleased/security-fj-diff-import-file-read-fix.yml5
-rw-r--r--changelogs/unreleased/security-id-fix-mr-visibility.yml5
-rw-r--r--changelogs/unreleased/security-id-restricted-access-to-private-repo.yml5
-rw-r--r--changelogs/unreleased/security-issue_54789_2.yml5
-rw-r--r--changelogs/unreleased/security-kubernetes-google-login-csrf.yml5
-rw-r--r--changelogs/unreleased/security-kubernetes-local-ssrf.yml5
-rw-r--r--changelogs/unreleased/security-mermaid.yml5
-rw-r--r--changelogs/unreleased/security-osw-stop-linking-to-packages.yml5
-rw-r--r--changelogs/unreleased/security-protect-private-repo-information.yml5
22 files changed, 27 insertions, 107 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b288106f4a6..7dcc56b3084 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,33 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 11.6.10 (2019-02-28)
+
+### Security (21 changes)
+
+- Stop linking to unrecognized package sources. !55518
+- Check snippet attached file to be moved is within designated directory.
+- Fix potential Addressable::URI::InvalidURIError.
+- Do not display impersonated sessions under active sessions and remove ability to revoke session.
+- Display only information visible to current user on the Milestone page.
+- Show only merge requests visible to user on milestone detail page.
+- Disable issue boards API when issues are disabled.
+- Don't show new issue link after move when a user does not have permissions.
+- Fix git clone revealing private repo's presence.
+- Fix blind SSRF in Prometheus integration by checking URL before querying.
+- Check if desired milestone for an issue is available.
+- Don't allow non-members to see private related MRs.
+- Fix arbitrary file read via diffs during import.
+- Display the correct number of MRs a user has access to.
+- Forbid creating discussions for users with restricted access.
+- Do not disclose milestone titles for unauthorized users.
+- Validate session key when authorizing with GCP to create a cluster.
+- Block local URLs for Kubernetes integration.
+- Limit mermaid rendering to 5K characters.
+- Remove the possibility to share a project with a group that a user is not a member of.
+- Fix leaking private repository information in API.
+
+
## 11.6.9 (2019-02-04)
### Security (1 change)
diff --git a/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml b/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml
deleted file mode 100644
index 27ad151cd06..00000000000
--- a/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Remove the possibility to share a project with a group that a user is not a member
- of
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/51971-milestones-visibility.yml b/changelogs/unreleased/51971-milestones-visibility.yml
deleted file mode 100644
index 818f0071e6c..00000000000
--- a/changelogs/unreleased/51971-milestones-visibility.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check if desired milestone for an issue is available
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml b/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml
deleted file mode 100644
index 3dcb3e9eb4b..00000000000
--- a/changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix potential Addressable::URI::InvalidURIError
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/57534_filter_impersonated_sessions.yml b/changelogs/unreleased/57534_filter_impersonated_sessions.yml
deleted file mode 100644
index 80aea0ab1bc..00000000000
--- a/changelogs/unreleased/57534_filter_impersonated_sessions.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Do not display impersonated sessions under active sessions and remove ability
- to revoke session
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2774-milestones-detail.yml b/changelogs/unreleased/security-2774-milestones-detail.yml
deleted file mode 100644
index faf56fee01e..00000000000
--- a/changelogs/unreleased/security-2774-milestones-detail.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display only information visible to current user on the Milestone page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2797-milestone-mrs.yml b/changelogs/unreleased/security-2797-milestone-mrs.yml
deleted file mode 100644
index 5bb104ec403..00000000000
--- a/changelogs/unreleased/security-2797-milestone-mrs.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Show only merge requests visible to user on milestone detail page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2798-fix-boards-policy.yml b/changelogs/unreleased/security-2798-fix-boards-policy.yml
deleted file mode 100644
index 10e8ac3a787..00000000000
--- a/changelogs/unreleased/security-2798-fix-boards-policy.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disable issue boards API when issues are disabled
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-2799-emails.yml b/changelogs/unreleased/security-2799-emails.yml
deleted file mode 100644
index dbf1207810e..00000000000
--- a/changelogs/unreleased/security-2799-emails.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't show new issue link after move when a user does not have permissions
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-50334.yml b/changelogs/unreleased/security-50334.yml
deleted file mode 100644
index 828ef82b517..00000000000
--- a/changelogs/unreleased/security-50334.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix git clone revealing private repo's presence
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-55468-check-validity-before-querying.yml b/changelogs/unreleased/security-55468-check-validity-before-querying.yml
deleted file mode 100644
index 8bb11a97f52..00000000000
--- a/changelogs/unreleased/security-55468-check-validity-before-querying.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix blind SSRF in Prometheus integration by checking URL before querying
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-56348.yml b/changelogs/unreleased/security-56348.yml
deleted file mode 100644
index a289e4e9077..00000000000
--- a/changelogs/unreleased/security-56348.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check snippet attached file to be moved is within designated directory
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-commit-private-related-mr.yml b/changelogs/unreleased/security-commit-private-related-mr.yml
deleted file mode 100644
index c4de200b0d8..00000000000
--- a/changelogs/unreleased/security-commit-private-related-mr.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't allow non-members to see private related MRs.
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml b/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml
deleted file mode 100644
index e98d4e89712..00000000000
--- a/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix arbitrary file read via diffs during import
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-id-fix-mr-visibility.yml b/changelogs/unreleased/security-id-fix-mr-visibility.yml
deleted file mode 100644
index 8f41d191acc..00000000000
--- a/changelogs/unreleased/security-id-fix-mr-visibility.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display the correct number of MRs a user has access to
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml b/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml
deleted file mode 100644
index 7d7478d297b..00000000000
--- a/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Forbid creating discussions for users with restricted access
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-issue_54789_2.yml b/changelogs/unreleased/security-issue_54789_2.yml
deleted file mode 100644
index 8ecb72a2ae3..00000000000
--- a/changelogs/unreleased/security-issue_54789_2.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not disclose milestone titles for unauthorized users
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-kubernetes-google-login-csrf.yml b/changelogs/unreleased/security-kubernetes-google-login-csrf.yml
deleted file mode 100644
index 2f87100a8dd..00000000000
--- a/changelogs/unreleased/security-kubernetes-google-login-csrf.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Validate session key when authorizing with GCP to create a cluster
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-kubernetes-local-ssrf.yml b/changelogs/unreleased/security-kubernetes-local-ssrf.yml
deleted file mode 100644
index 7a2ad092339..00000000000
--- a/changelogs/unreleased/security-kubernetes-local-ssrf.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Block local URLs for Kubernetes integration
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mermaid.yml b/changelogs/unreleased/security-mermaid.yml
deleted file mode 100644
index ec42b5a1615..00000000000
--- a/changelogs/unreleased/security-mermaid.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Limit mermaid rendering to 5K characters
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-osw-stop-linking-to-packages.yml b/changelogs/unreleased/security-osw-stop-linking-to-packages.yml
deleted file mode 100644
index 078f06140fe..00000000000
--- a/changelogs/unreleased/security-osw-stop-linking-to-packages.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Stop linking to unrecognized package sources
-merge_request: 55518
-author:
-type: security
diff --git a/changelogs/unreleased/security-protect-private-repo-information.yml b/changelogs/unreleased/security-protect-private-repo-information.yml
deleted file mode 100644
index 8b1a528206d..00000000000
--- a/changelogs/unreleased/security-protect-private-repo-information.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix leaking private repository information in API
-merge_request:
-author:
-type: security
View Lorry Controller Status