diff options
| author | Luke Bennett <lukeeeebennettplus@gmail.com> | 2018-02-05 13:47:45 +0000 |
|---|---|---|
| committer | Luke Bennett <lukeeeebennettplus@gmail.com> | 2018-02-05 13:47:45 +0000 |
| commit | a674e131ee35b5e11d0c6eee6c00372b7d232d6d (patch) | |
| tree | e06d03e0da124b2304b7425f9947fcac20a127c7 /CHANGELOG.md | |
| parent | 00b28eed84c9d4484a023702bf2d334bd5a92e12 (diff) | |
| download | gitlab-ce-a674e131ee35b5e11d0c6eee6c00372b7d232d6d.tar.gz | |
Update CHANGELOG.md for 10.3.7
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3794ebc7d25..11998bb2bb2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -207,6 +207,16 @@ entry. - Use a background migration for issues.closed_at. +## 10.3.7 (2018-02-05) + +### Security (4 changes) + +- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers. +- Fix stored XSS in code blocks that ignore highlighting. +- Fix wilcard protected tags protecting all branches. +- Restrict Todo API mark_as_done endpoint to the user's todos only. + + ## 10.3.6 (2018-01-22) ### Fixed (17 changes, 2 of them are from the community) |