diff options
-rw-r--r-- | CHANGELOG.md | 11 | ||||
-rw-r--r-- | changelogs/unreleased/bvl-email-disclosure.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/issue_30663.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/rs-security-group-api.yml | 5 |
4 files changed, 11 insertions, 15 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6088a1b3515..78f8e457c70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.2.4 (2017-12-08) + +### Security (4 changes) + +- Fix e-mail address disclosure through member search fields +- Prevent creating issues through API when user does not have permissions +- Prevent an information disclosure in the Groups API +- Fix user without access to private Wiki being able to see it on the project page +- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment + + ## 10.2.3 (2017-11-30) ### Fixed (7 changes) diff --git a/changelogs/unreleased/bvl-email-disclosure.yml b/changelogs/unreleased/bvl-email-disclosure.yml deleted file mode 100644 index d6cd8709d9f..00000000000 --- a/changelogs/unreleased/bvl-email-disclosure.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't match partial email adresses -merge_request: 2227 -author: -type: security diff --git a/changelogs/unreleased/issue_30663.yml b/changelogs/unreleased/issue_30663.yml deleted file mode 100644 index b20ed6a82e7..00000000000 --- a/changelogs/unreleased/issue_30663.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent creating issues through API when user does not have permissions -merge_request: -author: -type: security diff --git a/changelogs/unreleased/rs-security-group-api.yml b/changelogs/unreleased/rs-security-group-api.yml deleted file mode 100644 index 34a39ddd6dc..00000000000 --- a/changelogs/unreleased/rs-security-group-api.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent an information disclosure in the Groups API -merge_request: -author: -type: security |