Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2fc5b24aa39..54ea014a679 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,57 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.4.6 (2018-11-18) + +### Security (1 change) + +- Escape user fullname while rendering autocomplete template to prevent XSS. + + +## 11.4.5 (2018-11-04) + +### Fixed (4 changes, 1 of them is from the community) + +- fix link to enable usage ping from convdev index. !22545 (Anand Capur) +- Update gitlab-ui dependency to 1.8.0-hotfix.1 to fix IE11 bug. +- Remove duplicate escape in job sidebar. +- Fixed merge request fill tree toggling not respecting fluid width preference. + +### Other (1 change) + +- Fix stage dropdown not rendering in different languages. + + +## 11.4.4 (2018-10-30) + +### Security (1 change) + +- Monkey kubeclient to not follow any redirects. + + +## 11.4.3 (2018-10-26) + +- No changes. + +## 11.4.2 (2018-10-25) + +### Security (5 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2571 +- Persist only SHA digest of PersonalAccessToken#token. +- Redact personal tokens in unsubscribe links. +- Block loopback addresses in UrlBlocker. +- Validate Wiki attachments are valid temporary files. + + +## 11.4.1 (2018-10-23) + +### Security (2 changes) + +- Fix XSS in merge request source branch name. +- Prevent SSRF attacks in HipChat integration. + + ## 11.4.0 (2018-10-22) ### Security (9 changes) 
@@ -227,6 +278,36 @@ entry. - Check frozen string in style builds. (gfyoung) +## 11.3.10 (2018-11-18) + +### Security (1 change) + +- Escape user fullname while rendering autocomplete template to prevent XSS. + + +## 11.3.9 (2018-10-31) + +### Security (1 change) + +- Monkey kubeclient to not follow any redirects. + + +## 11.3.8 (2018-10-27) + +- No changes. + +## 11.3.7 (2018-10-26) + +### Security (6 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2557 +- Persist only SHA digest of PersonalAccessToken#token. +- Fix XSS in merge request source branch name. +- Redact personal tokens in unsubscribe links. +- Prevent SSRF attacks in HipChat integration. +- Validate Wiki attachments are valid temporary files. + + ## 11.3.6 (2018-10-17) - No changes. @@ -516,6 +597,28 @@ entry. - Creates Vue component for artifacts block on job page. +## 11.2.8 (2018-10-31) + +### Security (1 change) + +- Monkey kubeclient to not follow any redirects. + + +## 11.2.7 (2018-10-27) + +- No changes. + +## 11.2.6 (2018-10-26) + +### Security (5 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2558 +- Fix XSS in merge request source branch name. +- Redact personal tokens in unsubscribe links. +- Persist only SHA digest of PersonalAccessToken#token. +- Prevent SSRF attacks in HipChat integration. + + ## 11.2.5 (2018-10-05) ### Security (3 changes) |
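Review bot: In the first hunk (@@ -2,6 +2,57 @@), the 11.4.4 security entry "Monkey kubeclient to not follow any redirects." looks like it is missing a word and does not tell an administrator what changed. Something like "Monkey-patch kubeclient to not follow any redirects." would read correctly. The same wording is repeated in the 11.3.9 and 11.2.8 entries, so it should be fixed in all three places. Separately, only the "Escape entity title" entry under 11.4.2 carries a merge request reference (!2571). If the other security entries have references that can be published, adding them would make the section easier to audit.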
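Review bot: In the second hunk (@@ -227,6 +278,36 @@), the 11.3.7 security list has no "Block loopback addresses in UrlBlocker." entry, although the same round of fixes under 11.4.2 in the first hunk includes it. Please confirm whether that fix was deliberately not backported to 11.3 or whether the entry was dropped when the changelog was assembled. If it was dropped, add it and update the "Security (6 changes)" count. The two autocomplete entries are also phrased differently ("while rendering autocomplete template" under 11.3.10, "while autocomplete template rendering" under 11.3.7), so it would help to pick one form.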
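Review bot: In the third hunk (@@ -516,6 +597,28 @@), the 11.2.6 security list omits both "Validate Wiki attachments are valid temporary files." and "Block loopback addresses in UrlBlocker.", which appear for the same round of fixes on the newer release lines. Please confirm whether 11.2 is unaffected or whether those fixes were not backported, since someone deciding whether to stay on 11.2 cannot tell from this entry. The entries are also ordered differently from 11.3.7 ("Persist only SHA digest of PersonalAccessToken#token." moves from second to fourth). Keeping one order across release lines would make the lists easier to compare.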