diff options
author | Oswaldo Ferreira <oswaldo@gitlab.com> | 2018-01-11 17:27:51 +0300 |
---|---|---|
committer | Oswaldo Ferreira <oswaldo@gitlab.com> | 2018-01-11 17:27:51 +0300 |
commit | 724456bf56afe03617b2e8208be5cd229ca55e40 (patch) | |
tree | 9de8611e5074e13cf75a6cb016556dd9148acce2 | |
parent | 0337f3d5e30eb6263fd1577e2b3a1b27edd9a771 (diff) |
Update CHANGELOG.md for 10.2.6
[ci skip]
-rw-r--r-- | CHANGELOG.md | 15 | ||||
-rw-r--r-- | changelogs/unreleased/ac-41346-xss-ci-job-output.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/api-no-service-pw-output.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/fix-import-rce.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/ipython-xss-fix.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/jej-fix-disabled-oauth-access.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/milestones-finder-order-fix.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/projectfix.yml | 6 | ||||
-rw-r--r-- | changelogs/unreleased/security-10-3.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml | 5 |
10 files changed, 15 insertions, 46 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d4c78d6120..736147307ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,21 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.2.6 (2018-01-11) + +### Security (9 changes, 1 of them is from the community) + +- Fix writable shared deploy keys. +- Filter out sensitive fields from the project services API. (Robert Schilling) +- Fix RCE via project import mechanism. +- Fixed IPython notebook output not being sanitized. +- Prevent OAuth login POST requests when a provider has been disabled. +- Prevent a SQL injection in the MilestonesFinder. +- Check user authorization for source and target projects when creating a merge request. +- Fix path traversal in gitlab-ci.yml cache:key. +- Fix XSS vulnerability in pipeline job trace. + + ## 10.2.5 (2017-12-15) ### Fixed (8 changes) diff --git a/changelogs/unreleased/ac-41346-xss-ci-job-output.yml b/changelogs/unreleased/ac-41346-xss-ci-job-output.yml deleted file mode 100644 index 5ef42e49b71..00000000000 --- a/changelogs/unreleased/ac-41346-xss-ci-job-output.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix XSS vulnerability in pipeline job trace -merge_request: -author: -type: security diff --git a/changelogs/unreleased/api-no-service-pw-output.yml b/changelogs/unreleased/api-no-service-pw-output.yml deleted file mode 100644 index f0d0adaad1c..00000000000 --- a/changelogs/unreleased/api-no-service-pw-output.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Filter out sensitive fields from the project services API -merge_request: -author: Robert Schilling -type: security diff --git a/changelogs/unreleased/fix-import-rce.yml b/changelogs/unreleased/fix-import-rce.yml deleted file mode 100644 index c47e45fac31..00000000000 --- a/changelogs/unreleased/fix-import-rce.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix RCE via project import mechanism -merge_request: -author: -type: security diff --git a/changelogs/unreleased/ipython-xss-fix.yml b/changelogs/unreleased/ipython-xss-fix.yml deleted file mode 100644 index 619287992d6..00000000000 --- a/changelogs/unreleased/ipython-xss-fix.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fixed IPython notebook output not being sanitized -merge_request: -author: -type: security diff --git a/changelogs/unreleased/jej-fix-disabled-oauth-access.yml b/changelogs/unreleased/jej-fix-disabled-oauth-access.yml deleted file mode 100644 index 3a92c432dc6..00000000000 --- a/changelogs/unreleased/jej-fix-disabled-oauth-access.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent OAuth login POST requests when a provider has been disabled -merge_request: -author: -type: security diff --git a/changelogs/unreleased/milestones-finder-order-fix.yml b/changelogs/unreleased/milestones-finder-order-fix.yml deleted file mode 100644 index 983c301a82d..00000000000 --- a/changelogs/unreleased/milestones-finder-order-fix.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent a SQL injection in the MilestonesFinder -merge_request: -author: -type: security diff --git a/changelogs/unreleased/projectfix.yml b/changelogs/unreleased/projectfix.yml deleted file mode 100644 index 4d8ebe6194a..00000000000 --- a/changelogs/unreleased/projectfix.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Check user authorization for source and target projects when creating a merge - request. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-10-3.yml b/changelogs/unreleased/security-10-3.yml deleted file mode 100644 index 5c718d976cd..00000000000 --- a/changelogs/unreleased/security-10-3.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix path traversal in gitlab-ci.yml cache:key -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml b/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml deleted file mode 100644 index cb53a94e465..00000000000 --- a/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix writable shared deploy keys -merge_request: -author: -type: security |