author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-06-27 12:06:53 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-06-27 12:06:53 +0000 |
commit | bb771faec6ad7288d4596bf681fd5fc82368bd7f (patch) | |
tree | 65b490d4ca6462cc8cf71173a3da007244136c83 /CHANGELOG.md | |
parent | 871d06993edba9220c10ef2ca5c64f412ee5f984 (diff) | |
download | gitlab-ce-bb771faec6ad7288d4596bf681fd5fc82368bd7f.tar.gz |
Update CHANGELOG.md for 11.10.8
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d4509e370d..4625685dc9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -555,6 +555,26 @@ entry. - Add some frozen string to spec/**/*.rb. (gfyoung) +## 11.10.8 (2019-06-27) + +### Security (10 changes) + +- Fix Denial of Service for comments when rendering issues/MR comments. +- Gate MR head_pipeline behind read_pipeline ability. +- Fix DoS vulnerability in color validation regex. +- Expose merge requests count based on user access. +- Persist tmp snippet uploads at users. +- Add missing authorizations in GraphQL. +- Disable Rails SQL query cache when applying service templates. +- Prevent Billion Laughs attack. +- Correctly check permissions when creating snippet notes. +- Prevent the detection of merge request templates by unauthorized users. + +### Performance (1 change) + +- Add improvements to global search of issues and merge requests. !27817 + + ## 11.10.6 (2019-06-04) ### Fixed (7 changes, 1 of them is from the community) |
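Review bot: None of the ten Security entries added under "## 11.10.8 (2019-06-27)" carries a merge request reference, while the Performance entry in the same section ends with "!27817", so a reader cannot trace any of the fixes from the changelog to its change. If the references are left out on purpose, keep that consistent across security releases; otherwise add them. Several entries are also too terse to tell an administrator what was affected. "Persist tmp snippet uploads at users." does not read as a fix at all, and "Prevent Billion Laughs attack." names neither the parser nor the input that was exposed. "Fix Denial of Service for comments when rendering issues/MR comments." repeats "comments" and would be clearer as a single statement of which rendering path was fixed. The section header count of 10 changes matches the ten entries listed.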