diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-09-26 18:11:03 +0300 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-09-26 18:11:03 +0300 |
| commit | 1749822b67b3dd935e1659d84bbdf3de948ccf51 (patch) | |
| tree | 2d74c5dd357b4ca5f5cd5959c88c22b286e72bbd | |
| parent | 6bf8c9636c331c7a06ecea99d7249f2261947218 (diff) | |
Update CHANGELOG.md for 11.1.7
[ci skip]
7 files changed, 12 insertions, 30 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 89dfb5a016e..78612a26f72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.1.7 (2018-09-26) + +### Security (6 changes) + +- Redact confidential events in the API. +- Set timeout for syntax highlighting. +- Sanitize JSON data properly to fix XSS on Issue details page. +- Fix stored XSS in merge requests from imported repository. +- Fix xss vulnerability sourced from package.json. +- Block loopback addresses in UrlBlocker. + + ## 11.1.6 (2018-08-28) - No changes. diff --git a/changelogs/unreleased/fix-events-finder-incomplete.yml b/changelogs/unreleased/fix-events-finder-incomplete.yml deleted file mode 100644 index f3a4e421d33..00000000000 --- a/changelogs/unreleased/fix-events-finder-incomplete.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Redact confidential events in the API -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2697-code-highlight-timeout.yml b/changelogs/unreleased/security-2697-code-highlight-timeout.yml deleted file mode 100644 index 66ad9ff822b..00000000000 --- a/changelogs/unreleased/security-2697-code-highlight-timeout.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Set timeout for syntax highlighting -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-acet-issue-details.yml b/changelogs/unreleased/security-acet-issue-details.yml deleted file mode 100644 index 64147a9d6e8..00000000000 --- a/changelogs/unreleased/security-acet-issue-details.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Sanitize JSON data properly to fix XSS on Issue details page -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fj-stored-xss-in-repository-imports.yml b/changelogs/unreleased/security-fj-stored-xss-in-repository-imports.yml deleted file mode 100644 index 7520aa624c7..00000000000 --- a/changelogs/unreleased/security-fj-stored-xss-in-repository-imports.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix stored XSS in merge requests from imported repository -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-package-json-xss.yml b/changelogs/unreleased/security-package-json-xss.yml deleted file mode 100644 index 6ab4854e44f..00000000000 --- a/changelogs/unreleased/security-package-json-xss.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix xss vulnerability sourced from package.json -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-block-other-localhost.yml b/changelogs/unreleased/sh-block-other-localhost.yml deleted file mode 100644 index a6a41f0bd81..00000000000 --- a/changelogs/unreleased/sh-block-other-localhost.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Block loopback addresses in UrlBlocker -merge_request: -author: -type: security |