summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorYorick Peterse <yorickpeterse@gmail.com>2019-01-31 17:41:23 +0100
committerYorick Peterse <yorickpeterse@gmail.com>2019-01-31 17:41:23 +0100
commitb93c3112d035a0a843945d292006303d11621725 (patch)
tree93d8092b33cb3aaf6d69c5d208edc98467d91d17 /CHANGELOG.md
parente4c61726b43b6200f1295776fa1538fcf7cb61fb (diff)
downloadgitlab-ce-b93c3112d035a0a843945d292006303d11621725.tar.gz
Fixed changelog for 11.7.2
This got merged up somewhere in the process of merging dev.gitlab.org and GitLab.com back together.
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md27
1 files changed, 0 insertions, 27 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37bff7e50a3..4985c607d57 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,33 +4,6 @@ entry.
## 11.7.2 (2019-01-29)
-### Security (24 changes)
-
-- Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770
-- Don't process MR refs for guests in the notes. !2771
-- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !2828
-- Fixed XSS content in KaTex links.
-- Disallows unauthorized users from accessing the pipelines section.
-- Verify that LFS upload requests are genuine.
-- Extract GitLab Pages using RubyZip.
-- Prevent awarding emojis to notes whose parent is not visible to user.
-- Prevent unauthorized replies when discussion is locked or confidential.
-- Disable git v2 protocol temporarily.
-- Fix showing ci status for guest users when public pipline are not set.
-- Fix contributed projects info still visible when user enable private profile.
-- Add subresources removal to member destroy service.
-- Add more LFS validations to prevent forgery.
-- Use common error for unauthenticated users when creating issues.
-- Fix slow regex in project reference pattern.
-- Fix private user email being visible in push (and tag push) webhooks.
-- Fix wiki access rights when external wiki is enabled.
-- Group guests are no longer able to see merge requests they don't have access to at group level.
-- Fix path disclosure on project import error.
-- Restrict project import visibility based on its group.
-- Expose CI/CD trigger token only to the trigger owner.
-- Notify only users who can access the project on project move.
-- Alias GitHub and BitBucket OAuth2 callback URLs.
-
### Fixed (1 change)
- Fix uninitialized constant with GitLab Pages.