Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOswaldo Ferreira <oswaldo@gitlab.com>2018-01-11 17:27:51 +0300
committerOswaldo Ferreira <oswaldo@gitlab.com>2018-01-11 17:27:51 +0300
commit724456bf56afe03617b2e8208be5cd229ca55e40 (patch)
tree9de8611e5074e13cf75a6cb016556dd9148acce2
parent0337f3d5e30eb6263fd1577e2b3a1b27edd9a771 (diff)
Update CHANGELOG.md for 10.2.6
[ci skip]
Diffstat
-rw-r--r--CHANGELOG.md15
-rw-r--r--changelogs/unreleased/ac-41346-xss-ci-job-output.yml5
-rw-r--r--changelogs/unreleased/api-no-service-pw-output.yml5
-rw-r--r--changelogs/unreleased/fix-import-rce.yml5
-rw-r--r--changelogs/unreleased/ipython-xss-fix.yml5
-rw-r--r--changelogs/unreleased/jej-fix-disabled-oauth-access.yml5
-rw-r--r--changelogs/unreleased/milestones-finder-order-fix.yml5
-rw-r--r--changelogs/unreleased/projectfix.yml6
-rw-r--r--changelogs/unreleased/security-10-3.yml5
-rw-r--r--changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml5
10 files changed, 15 insertions, 46 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2d4c78d6120..736147307ef 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 10.2.6 (2018-01-11)
+
+### Security (9 changes, 1 of them is from the community)
+
+- Fix writable shared deploy keys.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Fix RCE via project import mechanism.
+- Fixed IPython notebook output not being sanitized.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Prevent a SQL injection in the MilestonesFinder.
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix XSS vulnerability in pipeline job trace.
+
+
## 10.2.5 (2017-12-15)
### Fixed (8 changes)
diff --git a/changelogs/unreleased/ac-41346-xss-ci-job-output.yml b/changelogs/unreleased/ac-41346-xss-ci-job-output.yml
deleted file mode 100644
index 5ef42e49b71..00000000000
--- a/changelogs/unreleased/ac-41346-xss-ci-job-output.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix XSS vulnerability in pipeline job trace
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/api-no-service-pw-output.yml b/changelogs/unreleased/api-no-service-pw-output.yml
deleted file mode 100644
index f0d0adaad1c..00000000000
--- a/changelogs/unreleased/api-no-service-pw-output.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Filter out sensitive fields from the project services API
-merge_request:
-author: Robert Schilling
-type: security
diff --git a/changelogs/unreleased/fix-import-rce.yml b/changelogs/unreleased/fix-import-rce.yml
deleted file mode 100644
index c47e45fac31..00000000000
--- a/changelogs/unreleased/fix-import-rce.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix RCE via project import mechanism
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/ipython-xss-fix.yml b/changelogs/unreleased/ipython-xss-fix.yml
deleted file mode 100644
index 619287992d6..00000000000
--- a/changelogs/unreleased/ipython-xss-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixed IPython notebook output not being sanitized
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/jej-fix-disabled-oauth-access.yml b/changelogs/unreleased/jej-fix-disabled-oauth-access.yml
deleted file mode 100644
index 3a92c432dc6..00000000000
--- a/changelogs/unreleased/jej-fix-disabled-oauth-access.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent OAuth login POST requests when a provider has been disabled
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/milestones-finder-order-fix.yml b/changelogs/unreleased/milestones-finder-order-fix.yml
deleted file mode 100644
index 983c301a82d..00000000000
--- a/changelogs/unreleased/milestones-finder-order-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent a SQL injection in the MilestonesFinder
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/projectfix.yml b/changelogs/unreleased/projectfix.yml
deleted file mode 100644
index 4d8ebe6194a..00000000000
--- a/changelogs/unreleased/projectfix.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Check user authorization for source and target projects when creating a merge
- request.
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-10-3.yml b/changelogs/unreleased/security-10-3.yml
deleted file mode 100644
index 5c718d976cd..00000000000
--- a/changelogs/unreleased/security-10-3.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix path traversal in gitlab-ci.yml cache:key
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml b/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml
deleted file mode 100644
index cb53a94e465..00000000000
--- a/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix writable shared deploy keys
-merge_request:
-author:
-type: security
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 04:11:27 +0300