author: Alessio Caiazza <acaiazza@gitlab.com> 2018-06-21 17:35:40 +0200
committer: Alessio Caiazza <acaiazza@gitlab.com> 2018-06-21 17:35:40 +0200
commit: e96b196110518bc02363af4ab457a50c882f48c1 (patch)
tree: 881ae78f46da3f23ddf939a8703088b2a19fa599 /CHANGELOG.md
parent: 45f6bacd5ee6f9a6473166ab84a6d135e3ce3082 (diff)
Update CHANGELOG.md for 10.8.5
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- CHANGELOG.md 11
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e21aa1f1154..09bac7a92aa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -253,6 +253,17 @@ entry.
- Workhorse to send raw diff and patch for commits.
+## 10.8.5 (2018-06-21)
+
+### Security (5 changes)
+
+- Fix XSS vulnerability for table of content generation.
+- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
+- HTML escape branch name in project graphs page.
+- HTML escape the name of the user in ProjectsHelper#link_to_member.
+- Don't show events from internal projects for anonymous users in public feed.
+
+
## 10.8.4 (2018-06-06)
- No changes.
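Review bot: None of the five bullets added under `### Security (5 changes)` carries a merge request, issue or CVE reference, so a reader of the 10.8.5 section cannot trace an entry such as "Update sanitize gem to 4.6.5 to fix HTML injection vulnerability" back to the change that made it. Consider appending the reference to each bullet. In the first bullet, "table of content generation" should read "table of contents generation".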