diff options
| author | Winnie Hellmann <winnie@gitlab.com> | 2017-12-11 12:07:57 +0000 |
|---|---|---|
| committer | LUKE BENNETT <lbennett@gitlab.com> | 2017-12-13 13:51:54 +0000 |
| commit | 5d076319c68543d1428b4c8b6f64edec6d272e02 (patch) | |
| tree | 509806408d9b7273efdb483f570fa76126f7e045 /CHANGELOG.md | |
| parent | 0f68a4666ceb328c001fe86a529faee3566f417c (diff) | |
| download | gitlab-ce-5d076319c68543d1428b4c8b6f64edec6d272e02.tar.gz | |
Merge branch 'mk-pick-10-2-4-security-fixes' into 'master'
Pick 10.2.4 security fixes into master
See merge request gitlab-org/gitlab-ce!15821
(cherry picked from commit 1eff1bd385a28ccde7d0dc3a991c499ada1a63bd)
d332c8c7 Merge branch '36679-non-authorized-user-may-see-wikis-or-pipeline-page' into 'security-10-2'
8c0aa7d4 Merge branch 'bvl-10-2-email-disclosure' into 'security-10-2'
8f29d264 Merge branch 'rs-security-group-api' into 'security-10-2'
c59ae547 Merge branch 'issue_30663' into 'security-10-2'
f4fbe61a Merge branch 'note-preview' into 'security-10-2'
0f811675 Manually add 10.2.4 changelog entries
f71e48a0 Resolve conflicts in app/models/user.rb
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6088a1b3515..78f8e457c70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.2.4 (2017-12-08) + +### Security (4 changes) + +- Fix e-mail address disclosure through member search fields +- Prevent creating issues through API when user does not have permissions +- Prevent an information disclosure in the Groups API +- Fix user without access to private Wiki being able to see it on the project page +- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment + + ## 10.2.3 (2017-11-30) ### Fixed (7 changes) |