summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG.md11
-rw-r--r--changelogs/unreleased/bvl-email-disclosure.yml5
-rw-r--r--changelogs/unreleased/issue_30663.yml5
-rw-r--r--changelogs/unreleased/rs-security-group-api.yml5
4 files changed, 11 insertions, 15 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6088a1b3515..78f8e457c70 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 10.2.4 (2017-12-08)
+
+### Security (4 changes)
+
+- Fix e-mail address disclosure through member search fields
+- Prevent creating issues through API when user does not have permissions
+- Prevent an information disclosure in the Groups API
+- Fix user without access to private Wiki being able to see it on the project page
+- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment
+
+
## 10.2.3 (2017-11-30)
### Fixed (7 changes)
diff --git a/changelogs/unreleased/bvl-email-disclosure.yml b/changelogs/unreleased/bvl-email-disclosure.yml
deleted file mode 100644
index d6cd8709d9f..00000000000
--- a/changelogs/unreleased/bvl-email-disclosure.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't match partial email adresses
-merge_request: 2227
-author:
-type: security
diff --git a/changelogs/unreleased/issue_30663.yml b/changelogs/unreleased/issue_30663.yml
deleted file mode 100644
index b20ed6a82e7..00000000000
--- a/changelogs/unreleased/issue_30663.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent creating issues through API when user does not have permissions
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/rs-security-group-api.yml b/changelogs/unreleased/rs-security-group-api.yml
deleted file mode 100644
index 34a39ddd6dc..00000000000
--- a/changelogs/unreleased/rs-security-group-api.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent an information disclosure in the Groups API
-merge_request:
-author:
-type: security