author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-05-30 15:51:15 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-05-30 15:51:15 +0300 |
commit | 177dc7140ee5e7cc3102d3cefb8686cfdbed6737 (patch) | |
tree | ea53a7ac978a444fda20b6e9727dec99c5b03470 | |
parent | 5f1aaa8bf9d1c6f16d56496a7ffc151c1bfc204d (diff) |
Update CHANGELOG.md for 11.10.5
[ci skip]
13 files changed, 18 insertions, 60 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a660ec3870..4a1c80afdc8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.10.5 (2019-05-30)
+
+### Security (12 changes, 1 of them is from the community)
+
+- Protect Gitlab::HTTP against DNS rebinding attack.
+- Fix project visibility level validation. (Peter Marko)
+- Update Knative version.
+- Add DNS rebinding protection settings.
+- Prevent XSS injection in note imports.
+- Prevent invalid branch for merge request.
+- Filter relative links in wiki for XSS.
+- Fix confidential issue label disclosure on milestone view.
+- Fix url redaction for issue links.
+- Resolve: Milestones leaked via search API.
+- Prevent bypass of restriction disabling web password sign in.
+- Hide confidential issue title on unsubscribe for anonymous users.
+
+
 ## 11.10.4 (2019-05-01)
 
 ### Fixed (12 changes)
diff --git a/changelogs/unreleased/dm-http-hostname-override.yml b/changelogs/unreleased/dm-http-hostname-override.yml
deleted file mode 100644
index f84f36a0010..00000000000
--- a/changelogs/unreleased/dm-http-hostname-override.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Protect Gitlab::HTTP against DNS rebinding attack
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/fix-project-visibility-level-validation.yml b/changelogs/unreleased/fix-project-visibility-level-validation.yml
deleted file mode 100644
index c58d3fc7311..00000000000
--- a/changelogs/unreleased/fix-project-visibility-level-validation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix project visibility level validation
-merge_request:
-author: Peter Marko
-type: security
diff --git a/changelogs/unreleased/knative-0-5.yml b/changelogs/unreleased/knative-0-5.yml
deleted file mode 100644
index 00690bfb2e5..00000000000
--- a/changelogs/unreleased/knative-0-5.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Knative version
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml b/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
deleted file mode 100644
index fc9a8bb8025..00000000000
--- a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add DNS rebinding protection settings
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml b/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
deleted file mode 100644
index d9ad5af256a..00000000000
--- a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent XSS injection in note imports
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-60039.yml b/changelogs/unreleased/security-60039.yml
deleted file mode 100644
index 5edbf32ec97..00000000000
--- a/changelogs/unreleased/security-60039.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent invalid branch for merge request
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml b/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
deleted file mode 100644
index 5b79258af54..00000000000
--- a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Filter relative links in wiki for XSS
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml b/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
deleted file mode 100644
index adfd8e1298f..00000000000
--- a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix confidential issue label disclosure on milestone view
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml b/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
deleted file mode 100644
index 084439c71d9..00000000000
--- a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix url redaction for issue links
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml b/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
deleted file mode 100644
index 5691550b602..00000000000
--- a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'Resolve: Milestones leaked via search API'
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml b/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
deleted file mode 100644
index 02773fa1d7c..00000000000
--- a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent bypass of restriction disabling web password sign in
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-unsubscribing-from-issue.yml b/changelogs/unreleased/security-unsubscribing-from-issue.yml
deleted file mode 100644
index 3a33a457c69..00000000000
--- a/changelogs/unreleased/security-unsubscribing-from-issue.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Hide confidential issue title on unsubscribe for anonymous users
-merge_request:
-author:
-type: security |