diff options
author | Robert Speicher <rspeicher@gmail.com> | 2016-04-27 00:56:01 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-04-27 00:56:01 +0300 |
commit | e3bcddf2cc795d1dcedec65338781eed09e97197 (patch) | |
tree | 473cbcc899e37c3091fa58c211e68c44919e1652 | |
parent | a0ebf759fe4889021711f1d0c3c694e87125062d (diff) |
Update CHANGELOG for 8.3.9
[ci skip]
-rw-r--r-- | CHANGELOG | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG index 24924ea44a6..5be22a3ff6f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,12 +1,12 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.3.9 - - Fix a window.opener bug that could lead to XSS and open redirects - - Prevent XSS via custom issue tracker URL - - Fix vulnerability that leaks private labels and milestones - Prevent privilege escalation via "impersonate" feature - - Prevent users from deleting Webhooks via API they do not own - - Prevent information disclosure via snippet API + - Prevent privilege escalation via notes API + - Prevent privilege escalation via project webhook API + - Prevent XSS via custom issue tracker URL + - Prevent XSS via `window.opener` + - Prevent information disclosure via project labels - Prevent information disclosure via new merge request page v 8.3.8 |