gitlab.com/gitlab-org/gitlab-foss.git
author Alessio Caiazza <acaiazza@gitlab.com> 2018-06-21 18:14:02 +0300
committer Alessio Caiazza <acaiazza@gitlab.com> 2018-06-21 18:14:02 +0300
commit 2050efed7c2a7f7e06eb547f6fc2f53d40308954
tree 04aa9417a3a7f2417558b703b68d626f0331c9d8
parent 1a337648bdc21236b19567184d1ba55701e7866f
Update CHANGELOG.md for 11.0.1
[ci skip]
-rw-r--r-- CHANGELOG.md 11
-rw-r--r-- changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml 5
-rw-r--r-- changelogs/unreleased/security-fj-bumping-sanitize-gem.yml 5
-rw-r--r-- changelogs/unreleased/security-html_escape_branch_name.yml 5
-rw-r--r-- changelogs/unreleased/security-html_escape_usernames.yml 5
-rw-r--r-- changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml 5
6 files changed, 11 insertions, 25 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eabacbc2e1d..e21aa1f1154 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 11.0.1 (2018-06-21)
+
+### Security (5 changes)
+
+- Fix XSS vulnerability for table of content generation.
+- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
+- HTML escape branch name in project graphs page.
+- HTML escape the name of the user in ProjectsHelper#link_to_member.
+- Don't show events from internal projects for anonymous users in public feed.
+
+
## 11.0.0 (2018-06-22)
### Security (3 changes)
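Review bot: The added heading `## 11.0.1 (2018-06-21)` is dated one day earlier than the `## 11.0.0 (2018-06-22)` heading in the context line directly below it, so the security patch release reads as older than the release it patches. Anyone using CHANGELOG.md to decide whether an 11.0.0 install already contains these five fixes will get the ordering wrong; confirm which of the two dates is correct and fix it so the sequence is unambiguous.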
diff --git a/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml b/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml
deleted file mode 100644
index f595678c3c2..00000000000
--- a/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix XSS vulnerability for table of content generation
-merge_request:
-author:
-type: security
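Review bot: `merge_request:` and `author:` are empty in this removed entry, so the compiled line "Fix XSS vulnerability for table of content generation." in CHANGELOG.md carries no reference back to the change that fixed it. If the reference was withheld on purpose for the security release, consider backfilling it in the changelog once the fix is public, so that operators can tie the entry to a specific change when assessing exposure.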
diff --git a/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml b/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml
deleted file mode 100644
index bec1033425d..00000000000
--- a/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update sanitize gem to 4.6.5 to fix HTML injection vulnerability
-merge_request:
-author:
-type: security
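Review bot: The `-title:` line names sanitize 4.6.5, but none of the six files in this commit is a Gemfile or Gemfile.lock, so the version stated in the changelog cannot be checked from this change. Before the entry ships, confirm that the lockfile on the release branch resolves sanitize to 4.6.5, otherwise the changelog advertises an HTML injection fix the build may not contain.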
diff --git a/changelogs/unreleased/security-html_escape_branch_name.yml b/changelogs/unreleased/security-html_escape_branch_name.yml
deleted file mode 100644
index 02d1065348f..00000000000
--- a/changelogs/unreleased/security-html_escape_branch_name.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: HTML escape branch name in project graphs page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-html_escape_usernames.yml b/changelogs/unreleased/security-html_escape_usernames.yml
deleted file mode 100644
index 7e69e4ae266..00000000000
--- a/changelogs/unreleased/security-html_escape_usernames.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: HTML escape the name of the user in ProjectsHelper#link_to_member
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml b/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml
deleted file mode 100644
index ff78c162dff..00000000000
--- a/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't show events from internal projects for anonymous users in public feed
-merge_request:
-author:
-type: security