summaryrefslogtreecommitdiff
path: root/changelogs
diff options
context:
space:
mode:
Diffstat (limited to 'changelogs')
-rw-r--r--changelogs/unreleased/17817-hashed_session_ids_in_redis.yml5
-rw-r--r--changelogs/unreleased/195327-update-confidentiality-and-milestone.yml6
-rw-r--r--changelogs/unreleased/feature-flag-plan-limits.yml5
-rw-r--r--changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml5
-rw-r--r--changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml5
-rw-r--r--changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml5
6 files changed, 31 insertions, 0 deletions
diff --git a/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml b/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml
new file mode 100644
index 00000000000..0c274f33f36
--- /dev/null
+++ b/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml
@@ -0,0 +1,5 @@
+---
+title: Do not store session id in Redis
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml b/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml
new file mode 100644
index 00000000000..1f883523353
--- /dev/null
+++ b/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml
@@ -0,0 +1,6 @@
+---
+title: Fix permission checks when updating confidentiality and milestone on issues
+ or merge requests
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/feature-flag-plan-limits.yml b/changelogs/unreleased/feature-flag-plan-limits.yml
new file mode 100644
index 00000000000..cac5e0847e4
--- /dev/null
+++ b/changelogs/unreleased/feature-flag-plan-limits.yml
@@ -0,0 +1,5 @@
+---
+title: Adds feature flags plan limits
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml b/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml
new file mode 100644
index 00000000000..bf86f177cd3
--- /dev/null
+++ b/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml
@@ -0,0 +1,5 @@
+---
+title: Do not bypass admin mode when authenticated with deploy token
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml b/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml
new file mode 100644
index 00000000000..e48c3ff963c
--- /dev/null
+++ b/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml
@@ -0,0 +1,5 @@
+---
+title: Fixes release asset link filepath ReDoS
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml b/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml
new file mode 100644
index 00000000000..42418f24345
--- /dev/null
+++ b/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml
@@ -0,0 +1,5 @@
+---
+title: Validate that membership expiry dates are not in the past
+merge_request:
+author:
+type: security
View Lorry Controller Status