author | Robert Speicher <rspeicher@gmail.com> | 2016-04-27 00:56:52 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-04-27 00:56:52 +0300 |
commit | a5606e1482c8877ac33cc52ef74c2cf9514ea83b (patch) | |
tree | fd260ae0f98afc93b7af6826585b631d6573cfcb | |
parent | bbc92fff21ebae5414ba829e69ecb087a06cc25a (diff) |
Update CHANGELOG for 8.4.10
[ci skip]
-rw-r--r-- | CHANGELOG | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/CHANGELOG b/CHANGELOG index 9042ecc0ca5..47da55788bf 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,13 +1,14 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.4.10 - - Fix a window.opener bug that could lead to XSS and open redirects + - Prevent privilege escalation via "impersonate" feature + - Prevent privilege escalation via notes API + - Prevent privilege escalation via project webhook API - Prevent XSS via Git branch and tag names - Prevent XSS via custom issue tracker URL - - Fix vulnerability that leaks private labels and milestones - - Prevent privilege escalation via "impersonate" feature - - Prevent users from deleting Webhooks via API they do not own + - Prevent XSS via `window.opener` - Prevent information disclosure via snippet API + - Prevent information disclosure via project labels - Prevent information disclosure via new merge request page v 8.4.9 |
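Review bot: Two of the reworded 8.4.10 entries are narrower than the lines they replace, so the changelog no longer tells an administrator the full scope of what was fixed. The removed line "Fix vulnerability that leaks private labels and milestones" becomes "Prevent information disclosure via project labels", which drops milestones, and "Fix a window.opener bug that could lead to XSS and open redirects" becomes "Prevent XSS via `window.opener`", which drops open redirects. If both effects were addressed in this release, keep them in the entries, for example "Prevent information disclosure via project labels and milestones" and "Prevent XSS and open redirects via `window.opener`". Separately, "Prevent privilege escalation via notes API" has no counterpart among the removed lines, and the commit message only says "Update CHANGELOG for 8.4.10"; a line in the message noting that a new entry is added, not just reordered or reworded, would make the change easier to audit.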