authorSteve Azzopardi <steveazz@outlook.com>2018-11-20 10:11:42 +0100
committerSteve Azzopardi <steveazz@outlook.com>2018-11-20 10:11:42 +0100
commit282a5b4c84b5b68a86f55a17e674d16b9a1a17cb (patch)
treebaca3d1acd16800fd1a33a2df5434aba75bed431 /changelogs
parenta0c86637c138a17a8ae136e4698cf192b5949c36 (diff)
parente35eeaf8afce6842e490f1386d3cdaaaf5f0126c (diff)
downloadgitlab-ce-282a5b4c84b5b68a86f55a17e674d16b9a1a17cb.tar.gz
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
Diffstat (limited to 'changelogs')
-rw-r--r--changelogs/unreleased/security-2717-xss-username-autocomplete.yml5
-rw-r--r--changelogs/unreleased/sh-fix-issue-54189.yml5
2 files changed, 10 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-2717-xss-username-autocomplete.yml b/changelogs/unreleased/security-2717-xss-username-autocomplete.yml
new file mode 100644
index 00000000000..d9b1015eeb4
--- /dev/null
+++ b/changelogs/unreleased/security-2717-xss-username-autocomplete.yml
@@ -0,0 +1,5 @@
+---
+title: Escape user fullname while rendering autocomplete template to prevent XSS
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/sh-fix-issue-54189.yml b/changelogs/unreleased/sh-fix-issue-54189.yml
new file mode 100644
index 00000000000..eee743aa5d9
--- /dev/null
+++ b/changelogs/unreleased/sh-fix-issue-54189.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent templated services from being imported
+merge_request:
+author:
+type: security