diff options
author | Robert Speicher <rspeicher@gmail.com> | 2018-02-07 19:14:11 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2018-02-07 19:14:11 +0300 |
commit | 406299f424a678f6839388ae1cd658ce875095e2 (patch) | |
tree | 6ec9854b29eb4c045f2449162eabecac66c1e852 | |
parent | 83d49d1e70627e1997f8f06decbd5504a4e206e8 (diff) |
Update CHANGELOG.md for 10.2.8
[ci skip]
5 files changed, 10 insertions, 20 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index b4ae73a7d1a..3c406cf5506 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.2.8 (2018-02-07) + +### Security (4 changes) + +- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers. +- Fix stored XSS in code blocks that ignore highlighting. +- Fix wilcard protected tags protecting all branches. +- Restrict Todo API mark_as_done endpoint to the user's todos only. + + ## 10.2.7 (2018-01-18) - No changes. diff --git a/changelogs/unreleased/fix-gh-namespace-issue.yml b/changelogs/unreleased/fix-gh-namespace-issue.yml deleted file mode 100644 index 2db7abb9d58..00000000000 --- a/changelogs/unreleased/fix-gh-namespace-issue.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers -merge_request: -author: -type: security diff --git a/changelogs/unreleased/fix-stored-xss-in-code-blocks.yml b/changelogs/unreleased/fix-stored-xss-in-code-blocks.yml deleted file mode 100644 index b595459ee6b..00000000000 --- a/changelogs/unreleased/fix-stored-xss-in-code-blocks.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix stored XSS in code blocks that ignore highlighting -merge_request: -author: -type: security diff --git a/changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml b/changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml deleted file mode 100644 index 27219b096af..00000000000 --- a/changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix wilcard protected tags protecting all branches -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml b/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml deleted file mode 100644 index 329825d1e73..00000000000 --- a/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Restrict Todo API mark_as_done endpoint to the user's todos only -merge_request: -author: -type: security |