diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-26 10:30:14 +0300 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-26 10:30:14 +0300 |
| commit | 70dd373dc84f0b63b8ae745e6820f4f66db13ca8 (patch) | |
| tree | be2bf244d636e1f26674f4bacf7cf8405661ad90 | |
| parent | 0fe2f07a0a0190221793cb8c9b0306a8fc050d6a (diff) | |
Update CHANGELOG.md for 11.3.7
[ci skip]
7 files changed, 12 insertions, 30 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 7750c267bed..0d051a87f16 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.3.7 (2018-10-26) + +### Security (6 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2557 +- Persist only SHA digest of PersonalAccessToken#token. +- Fix XSS in merge request source branch name. +- Redact personal tokens in unsubscribe links. +- Prevent SSRF attacks in HipChat integration. +- Validate Wiki attachments are valid temporary files. + + ## 11.3.6 (2018-10-17) - No changes. diff --git a/changelogs/unreleased/51527-xss-in-mr-source-branch.yml b/changelogs/unreleased/51527-xss-in-mr-source-branch.yml deleted file mode 100644 index dae277b6413..00000000000 --- a/changelogs/unreleased/51527-xss-in-mr-source-branch.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix XSS in merge request source branch name -merge_request: -author: -type: security diff --git a/changelogs/unreleased/redact-links-dev.yml b/changelogs/unreleased/redact-links-dev.yml deleted file mode 100644 index 338e7965465..00000000000 --- a/changelogs/unreleased/redact-links-dev.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Redact personal tokens in unsubscribe links. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-11-3-2717-fix-issue-title-xss.yml b/changelogs/unreleased/security-11-3-2717-fix-issue-title-xss.yml deleted file mode 100644 index c346b8734de..00000000000 --- a/changelogs/unreleased/security-11-3-2717-fix-issue-title-xss.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Escape entity title while autocomplete template rendering to prevent XSS -merge_request: 2557 -author: -type: security diff --git a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml b/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml deleted file mode 100644 index 4cebe814148..00000000000 --- a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Persist only SHA digest of PersonalAccessToken#token -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-fix-hipchat-ssrf.yml b/changelogs/unreleased/sh-fix-hipchat-ssrf.yml deleted file mode 100644 index cdc95a34fcf..00000000000 --- a/changelogs/unreleased/sh-fix-hipchat-ssrf.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent SSRF attacks in HipChat integration -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml b/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml deleted file mode 100644 index ac6ab7cc3f4..00000000000 --- a/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Validate Wiki attachments are valid temporary files -merge_request: -author: -type: security |