summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorJose Ivan Vargas <jvargas@gitlab.com>2017-09-06 16:59:05 -0500
committerJose Ivan Vargas <jvargas@gitlab.com>2017-09-06 16:59:05 -0500
commitac38f36abe017dfe80a30c2e646a14c4c69c08b0 (patch)
treed14f08e62129e87cbee0b808263c69c0b5aa4705 /CHANGELOG.md
parenta0274a502b859c99db5306700daf02e980e86b86 (diff)
downloadgitlab-ce-ac38f36abe017dfe80a30c2e646a14c4c69c08b0.tar.gz
Update CHANGELOG.md for 9.5.4
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md10
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eed9f71ed58..4cedfa60b3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 9.5.4 (2017-09-06)
+
+- [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
+- [SECURITY] Prevent a persistent XSS in the commit author block.
+- Fix XSS issue in go-get handling.
+- Resolve CSRF token leakage via pathname manipulation on environments page.
+- Fixes race condition in project uploads.
+- Disallow arbitrary properties in `th` and `td` `style` attributes.
+- Disallow the `name` attribute on all user-provided markup.
+
## 9.5.3 (2017-09-03)
- [SECURITY] Filter additional secrets from Rails logs.