diff options
Diffstat (limited to 'changelogs/unreleased')
21 files changed, 0 insertions, 107 deletions
diff --git a/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml b/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml deleted file mode 100644 index 27ad151cd06..00000000000 --- a/changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Remove the possibility to share a project with a group that a user is not a member - of -merge_request: -author: -type: security diff --git a/changelogs/unreleased/51971-milestones-visibility.yml b/changelogs/unreleased/51971-milestones-visibility.yml deleted file mode 100644 index 818f0071e6c..00000000000 --- a/changelogs/unreleased/51971-milestones-visibility.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Check if desired milestone for an issue is available -merge_request: -author: -type: security diff --git a/changelogs/unreleased/57534_filter_impersonated_sessions.yml b/changelogs/unreleased/57534_filter_impersonated_sessions.yml deleted file mode 100644 index 80aea0ab1bc..00000000000 --- a/changelogs/unreleased/57534_filter_impersonated_sessions.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Do not display impersonated sessions under active sessions and remove ability - to revoke session -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2774-milestones-detail.yml b/changelogs/unreleased/security-2774-milestones-detail.yml deleted file mode 100644 index faf56fee01e..00000000000 --- a/changelogs/unreleased/security-2774-milestones-detail.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Display only information visible to current user on the Milestone page -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2797-milestone-mrs.yml b/changelogs/unreleased/security-2797-milestone-mrs.yml deleted file mode 100644 index 5bb104ec403..00000000000 --- a/changelogs/unreleased/security-2797-milestone-mrs.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Show only merge requests visible to user on milestone detail page -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2798-fix-boards-policy.yml b/changelogs/unreleased/security-2798-fix-boards-policy.yml deleted file mode 100644 index 10e8ac3a787..00000000000 --- a/changelogs/unreleased/security-2798-fix-boards-policy.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Disable issue boards API when issues are disabled -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2799-emails.yml b/changelogs/unreleased/security-2799-emails.yml deleted file mode 100644 index dbf1207810e..00000000000 --- a/changelogs/unreleased/security-2799-emails.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't show new issue link after move when a user does not have permissions -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-50334.yml b/changelogs/unreleased/security-50334.yml deleted file mode 100644 index 828ef82b517..00000000000 --- a/changelogs/unreleased/security-50334.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix git clone revealing private repo's presence -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-55468-check-validity-before-querying.yml b/changelogs/unreleased/security-55468-check-validity-before-querying.yml deleted file mode 100644 index 8bb11a97f52..00000000000 --- a/changelogs/unreleased/security-55468-check-validity-before-querying.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix blind SSRF in Prometheus integration by checking URL before querying -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-56348.yml b/changelogs/unreleased/security-56348.yml deleted file mode 100644 index a289e4e9077..00000000000 --- a/changelogs/unreleased/security-56348.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Check snippet attached file to be moved is within designated directory -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-commit-private-related-mr.yml b/changelogs/unreleased/security-commit-private-related-mr.yml deleted file mode 100644 index c4de200b0d8..00000000000 --- a/changelogs/unreleased/security-commit-private-related-mr.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't allow non-members to see private related MRs. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml b/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml deleted file mode 100644 index e98d4e89712..00000000000 --- a/changelogs/unreleased/security-fj-diff-import-file-read-fix.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix arbitrary file read via diffs during import -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-id-fix-mr-visibility.yml b/changelogs/unreleased/security-id-fix-mr-visibility.yml deleted file mode 100644 index 8f41d191acc..00000000000 --- a/changelogs/unreleased/security-id-fix-mr-visibility.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Display the correct number of MRs a user has access to -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml b/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml deleted file mode 100644 index 7d7478d297b..00000000000 --- a/changelogs/unreleased/security-id-restricted-access-to-private-repo.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Forbid creating discussions for users with restricted access -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-issue_54789_2.yml b/changelogs/unreleased/security-issue_54789_2.yml deleted file mode 100644 index 8ecb72a2ae3..00000000000 --- a/changelogs/unreleased/security-issue_54789_2.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Do not disclose milestone titles for unauthorized users -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-kubernetes-google-login-csrf.yml b/changelogs/unreleased/security-kubernetes-google-login-csrf.yml deleted file mode 100644 index 2f87100a8dd..00000000000 --- a/changelogs/unreleased/security-kubernetes-google-login-csrf.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Validate session key when authorizing with GCP to create a cluster -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-kubernetes-local-ssrf.yml b/changelogs/unreleased/security-kubernetes-local-ssrf.yml deleted file mode 100644 index 7a2ad092339..00000000000 --- a/changelogs/unreleased/security-kubernetes-local-ssrf.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Block local URLs for Kubernetes integration -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-mermaid.yml b/changelogs/unreleased/security-mermaid.yml deleted file mode 100644 index ec42b5a1615..00000000000 --- a/changelogs/unreleased/security-mermaid.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Limit mermaid rendering to 5K characters -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-osw-stop-linking-to-packages.yml b/changelogs/unreleased/security-osw-stop-linking-to-packages.yml deleted file mode 100644 index 078f06140fe..00000000000 --- a/changelogs/unreleased/security-osw-stop-linking-to-packages.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Stop linking to unrecognized package sources -merge_request: 55518 -author: -type: security diff --git a/changelogs/unreleased/security-protect-private-repo-information.yml b/changelogs/unreleased/security-protect-private-repo-information.yml deleted file mode 100644 index 8b1a528206d..00000000000 --- a/changelogs/unreleased/security-protect-private-repo-information.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix leaking private repository information in API -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-tags-oracle.yml b/changelogs/unreleased/security-tags-oracle.yml deleted file mode 100644 index eb8ad6f646c..00000000000 --- a/changelogs/unreleased/security-tags-oracle.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent releases links API to leak tag existance -merge_request: -author: -type: security |