summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorWinnie Hellmann <winnie@gitlab.com>2017-12-11 16:27:39 +0000
committerWinnie Hellmann <winnie@gitlab.com>2017-12-11 16:27:39 +0000
commit40d404a6358a52eaee12feb5d43404de281d57ce (patch)
tree6690f626e2a719923300d848e3ad09bf3cee3f68 /CHANGELOG.md
parent3daa7331397d0b565911d5bb67b2411b021136fa (diff)
downloadgitlab-ce-40d404a6358a52eaee12feb5d43404de281d57ce.tar.gz
Resolve merge conflicts with dev.gitlab.org/master after security release
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md26
1 files changed, 24 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 78f8e457c70..adf097b52f3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,9 +2,9 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
-## 10.2.4 (2017-12-08)
+## 10.2.4 (2017-12-07)
-### Security (4 changes)
+### Security (5 changes)
- Fix e-mail address disclosure through member search fields
- Prevent creating issues through API when user does not have permissions
@@ -248,6 +248,17 @@ entry.
- Add Gitaly metrics to the performance bar.
+## 10.1.5 (2017-12-07)
+
+### Security (5 changes)
+
+- Fix e-mail address disclosure through member search fields
+- Prevent creating issues through API when user does not have permissions
+- Prevent an information disclosure in the Groups API
+- Fix user without access to private Wiki being able to see it on the project page
+- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment
+
+
## 10.1.4 (2017-11-14)
### Fixed (4 changes)
@@ -496,6 +507,17 @@ entry.
- creation of keys moved to services. !13331 (haseebeqx)
- Add username as GL_USERNAME in hooks.
+## 10.0.7 (2017-12-07)
+
+### Security (5 changes)
+
+- Fix e-mail address disclosure through member search fields
+- Prevent creating issues through API when user does not have permissions
+- Prevent an information disclosure in the Groups API
+- Fix user without access to private Wiki being able to see it on the project page
+- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment
+
+
## 10.0.5 (2017-11-03)
- [FIXED] Fix incorrect X-axis labels in Prometheus graphs. !14258