diff options
| author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-06-03 14:56:33 +0200 |
|---|---|---|
| committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-06-03 14:56:33 +0200 |
| commit | 6cb750a2bb7e1720413a7c42ec4afebaa3f2f4d2 (patch) | |
| tree | 2f94f96a1fcb0c692f8e94e924a733d4bad9a59b /changelogs | |
| parent | 51a66a581f4d0662d04c432aa4b014dd4b634fc9 (diff) | |
| parent | 3dcf3cfde35d1506c7196634080849d002251a41 (diff) | |
| download | gitlab-ce-6cb750a2bb7e1720413a7c42ec4afebaa3f2f4d2.tar.gz | |
Merge dev.gitlab.org master into GitLab.com master
Diffstat (limited to 'changelogs')
8 files changed, 40 insertions, 0 deletions
diff --git a/changelogs/unreleased/dm-http-hostname-override.yml b/changelogs/unreleased/dm-http-hostname-override.yml new file mode 100644 index 00000000000..f84f36a0010 --- /dev/null +++ b/changelogs/unreleased/dm-http-hostname-override.yml @@ -0,0 +1,5 @@ +--- +title: Protect Gitlab::HTTP against DNS rebinding attack +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-60039.yml b/changelogs/unreleased/security-60039.yml new file mode 100644 index 00000000000..5edbf32ec97 --- /dev/null +++ b/changelogs/unreleased/security-60039.yml @@ -0,0 +1,5 @@ +--- +title: Prevent invalid branch for merge request +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml b/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml new file mode 100644 index 00000000000..adfd8e1298f --- /dev/null +++ b/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml @@ -0,0 +1,5 @@ +--- +title: Fix confidential issue label disclosure on milestone view +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml b/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml new file mode 100644 index 00000000000..084439c71d9 --- /dev/null +++ b/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml @@ -0,0 +1,5 @@ +--- +title: Fix url redaction for issue links +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml b/changelogs/unreleased/security-fix_milestones_search_api_leak.yml new file mode 100644 index 00000000000..5691550b602 --- /dev/null +++ b/changelogs/unreleased/security-fix_milestones_search_api_leak.yml @@ -0,0 +1,5 @@ +--- +title: 'Resolve: Milestones leaked via search API' +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml b/changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml new file mode 100644 index 00000000000..df636ec37fb --- /dev/null +++ b/changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml @@ -0,0 +1,5 @@ +--- +title: Add extra fields for handling basic auth on import by url page +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml b/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml new file mode 100644 index 00000000000..02773fa1d7c --- /dev/null +++ b/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml @@ -0,0 +1,5 @@ +--- +title: Prevent bypass of restriction disabling web password sign in +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-unsubscribing-from-issue.yml b/changelogs/unreleased/security-unsubscribing-from-issue.yml new file mode 100644 index 00000000000..3a33a457c69 --- /dev/null +++ b/changelogs/unreleased/security-unsubscribing-from-issue.yml @@ -0,0 +1,5 @@ +--- +title: Hide confidential issue title on unsubscribe for anonymous users +merge_request: +author: +type: security |