summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorRobert Speicher <rspeicher@gmail.com>2017-02-14 22:04:22 -0500
committerRobert Speicher <rspeicher@gmail.com>2017-02-14 22:04:22 -0500
commitafddd1895a19d83f3cc4f3f9d58339e8d79b0ad7 (patch)
treecc59be5fc9506a4d48772ca296407ff42f8397fd /CHANGELOG.md
parente9e538a20c4c1d6cdeb88b8ab08e14ef482e157e (diff)
parentf3535bbff66d410983d39ec51f75d08683407fbf (diff)
downloadgitlab-ce-afddd1895a19d83f3cc4f3f9d58339e8d79b0ad7.tar.gz
Merge remote-tracking branch 'dev/master'
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md23
1 files changed, 23 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 71d38e5453d..e524062a2eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,15 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 8.16.5 (2017-02-14)
+
+- No changes.
+- No changes.
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
## 8.16.4 (2017-02-02)
- Support non-ASCII characters in GFM autocomplete. !8729
@@ -174,6 +183,13 @@ entry.
- Add margin to markdown math blocks.
- Add hover state to MR comment reply button.
+## 8.15.6 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
## 8.15.4 (2017-01-09)
- Make successful pipeline emails off for watchers. !8176
@@ -437,6 +453,13 @@ entry.
- Whitelist next project names: help, ci, admin, search. !8227
- Adds back CSS for progress-bars. !8237
+## 8.14.9 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
## 8.14.8 (2017-01-25)
- Accept environment variables from the `pre-receive` script. !7967