diff options
| author | DJ Mountney <david@twkie.net> | 2017-04-06 03:57:31 +0300 |
|---|---|---|
| committer | DJ Mountney <david@twkie.net> | 2017-04-06 03:57:31 +0300 |
| commit | 11b350ee000beda8fc45b312822a309a2df8c088 (patch) | |
| tree | b1c8c25c5dd8a3106a12e15608298bed34db4cf6 | |
| parent | b821ed6fc270151c6be15493f431641a196b756d (diff) | |
Update CHANGELOG.md for 8.17.5
[ci skip]
| -rw-r--r-- | CHANGELOG.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index a10369c98a6..f8484471236 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -328,6 +328,14 @@ entry. - Change development tanuki favicon colors to match logo color order. - API issues - support filtering by iids. +## 8.17.5 (2017-04-05) + +- Don’t show source project name when user does not have access. +- Remove the class attribute from the whitelist for HTML generated from Markdown. +- Fix path disclosure in project import/export. +- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. +- Fix for open redirect vulnerabilities in todos, issues, and MR controllers. + ## 8.17.4 (2017-03-19) - Only show public emails in atom feeds. |