diff options
author | Oswaldo Ferreira <oswaldo@gitlab.com> | 2018-01-11 19:23:41 +0300 |
---|---|---|
committer | Oswaldo Ferreira <oswaldo@gitlab.com> | 2018-01-11 19:23:41 +0300 |
commit | 6926edd0af67bd5d643118978abb036de6632d8d (patch) | |
tree | 614a4a61d1a0384acd46401a9906e2157fb0bdf0 | |
parent | 7b54e82a8ff8dd3b0f36393d74ab034cef068898 (diff) |
Update CHANGELOG.md for 10.1.6
[ci skip]
-rw-r--r-- | CHANGELOG.md | 14 | ||||
-rw-r--r-- | changelogs/unreleased/ac-41346-xss-ci-job-output.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/api-no-service-pw-output.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/fix-import-rce.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/jej-fix-disabled-oauth-access.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/milestones-finder-order-fix.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/projectfix.yml | 6 | ||||
-rw-r--r-- | changelogs/unreleased/security-10-3.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml | 5 |
9 files changed, 14 insertions, 41 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index a2015f42a10..d174f6e70b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,20 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.1.6 (2018-01-11) + +### Security (8 changes, 1 of them is from the community) + +- Fix writable shared deploy keys. +- Filter out sensitive fields from the project services API. (Robert Schilling) +- Fix RCE via project import mechanism. +- Prevent OAuth login POST requests when a provider has been disabled. +- Prevent a SQL injection in the MilestonesFinder. +- Check user authorization for source and target projects when creating a merge request. +- Fix path traversal in gitlab-ci.yml cache:key. +- Fix XSS vulnerability in pipeline job trace. + + ## 10.1.5 (2017-12-07) ### Security (5 changes) diff --git a/changelogs/unreleased/ac-41346-xss-ci-job-output.yml b/changelogs/unreleased/ac-41346-xss-ci-job-output.yml deleted file mode 100644 index 5ef42e49b71..00000000000 --- a/changelogs/unreleased/ac-41346-xss-ci-job-output.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix XSS vulnerability in pipeline job trace -merge_request: -author: -type: security diff --git a/changelogs/unreleased/api-no-service-pw-output.yml b/changelogs/unreleased/api-no-service-pw-output.yml deleted file mode 100644 index f0d0adaad1c..00000000000 --- a/changelogs/unreleased/api-no-service-pw-output.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Filter out sensitive fields from the project services API -merge_request: -author: Robert Schilling -type: security diff --git a/changelogs/unreleased/fix-import-rce.yml b/changelogs/unreleased/fix-import-rce.yml deleted file mode 100644 index c47e45fac31..00000000000 --- a/changelogs/unreleased/fix-import-rce.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix RCE via project import mechanism -merge_request: -author: -type: security diff --git a/changelogs/unreleased/jej-fix-disabled-oauth-access.yml b/changelogs/unreleased/jej-fix-disabled-oauth-access.yml deleted file mode 100644 index 3a92c432dc6..00000000000 --- a/changelogs/unreleased/jej-fix-disabled-oauth-access.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent OAuth login POST requests when a provider has been disabled -merge_request: -author: -type: security diff --git a/changelogs/unreleased/milestones-finder-order-fix.yml b/changelogs/unreleased/milestones-finder-order-fix.yml deleted file mode 100644 index 983c301a82d..00000000000 --- a/changelogs/unreleased/milestones-finder-order-fix.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent a SQL injection in the MilestonesFinder -merge_request: -author: -type: security diff --git a/changelogs/unreleased/projectfix.yml b/changelogs/unreleased/projectfix.yml deleted file mode 100644 index 4d8ebe6194a..00000000000 --- a/changelogs/unreleased/projectfix.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Check user authorization for source and target projects when creating a merge - request. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-10-3.yml b/changelogs/unreleased/security-10-3.yml deleted file mode 100644 index 5c718d976cd..00000000000 --- a/changelogs/unreleased/security-10-3.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix path traversal in gitlab-ci.yml cache:key -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml b/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml deleted file mode 100644 index cb53a94e465..00000000000 --- a/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix writable shared deploy keys -merge_request: -author: -type: security |