diff options
author | DJ Mountney <david@twkie.net> | 2017-04-06 04:02:20 +0300 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2017-04-06 04:02:20 +0300 |
commit | 66adf7a69a1b346424fdff33c6462ec7386935fe (patch) | |
tree | 4a7c9dfce6aa45ddd460fc7368edbfa84503e589 | |
parent | 0a4c76aaaa136a34fbd3966d5206c106ff2ef526 (diff) |
Update CHANGELOG.md for 8.16.9
[ci skip]
-rw-r--r-- | CHANGELOG.md | 8 | ||||
-rw-r--r-- | changelogs/unreleased/29364-private-projects-mr-fix.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/30125-markdown-security.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/file-import-export-path-disclosure.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/open-redirect-continue-params.yml | 4 | ||||
-rw-r--r-- | changelogs/unreleased/open-redirect-host-field.yml | 4 |
6 files changed, 8 insertions, 21 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fb2fa00579..b927579e24f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 8.16.9 (2017-04-05) + +- Don’t show source project name when user does not have access. +- Remove the class attribute from the whitelist for HTML generated from Markdown. +- Fix path disclosure in project import/export. +- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. +- Fix for open redirect vulnerabilities in todos, issues, and MR controllers. + ## 8.16.8 (2017-03-19) - Only show public emails in atom feeds. diff --git a/changelogs/unreleased/29364-private-projects-mr-fix.yml b/changelogs/unreleased/29364-private-projects-mr-fix.yml deleted file mode 100644 index ab93d6f337b..00000000000 --- a/changelogs/unreleased/29364-private-projects-mr-fix.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Don’t show source project name when user does not have access -merge_request: -author: diff --git a/changelogs/unreleased/30125-markdown-security.yml b/changelogs/unreleased/30125-markdown-security.yml deleted file mode 100644 index b766caf7d08..00000000000 --- a/changelogs/unreleased/30125-markdown-security.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Remove the class attribute from the whitelist for HTML generated from Markdown. -merge_request: -author: diff --git a/changelogs/unreleased/file-import-export-path-disclosure.yml b/changelogs/unreleased/file-import-export-path-disclosure.yml deleted file mode 100644 index 1a297d07187..00000000000 --- a/changelogs/unreleased/file-import-export-path-disclosure.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix path disclosure in project import/export -merge_request: -author: - diff --git a/changelogs/unreleased/open-redirect-continue-params.yml b/changelogs/unreleased/open-redirect-continue-params.yml deleted file mode 100644 index def3bc7d929..00000000000 --- a/changelogs/unreleased/open-redirect-continue-params.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. -merge_request: -author: diff --git a/changelogs/unreleased/open-redirect-host-field.yml b/changelogs/unreleased/open-redirect-host-field.yml deleted file mode 100644 index bed4b47cf04..00000000000 --- a/changelogs/unreleased/open-redirect-host-field.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -title: Fix for open redirect vulnerabilities in todos, issues, and MR controllers. -merge_request: -author: |