diff options
author | Robert Speicher <rspeicher@gmail.com> | 2016-04-27 00:55:22 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-04-27 00:55:22 +0300 |
commit | 15c667d897dae0983578ceb25e13bb01a100c872 (patch) | |
tree | 8d14166bfa7ae8621fcde4e8544153c94492abd7 | |
parent | 076632f170271ad08e7be1aaaf5a1cb63a0c639f (diff) |
Update CHANGELOG for 8.2.5
[ci skip]
-rw-r--r-- | CHANGELOG | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/CHANGELOG b/CHANGELOG index bbe09f2b599..b7f3515f858 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,11 +1,11 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.2.5 - - Fix a window.opener bug that could lead to XSS and open redirects - - Fix vulnerability that leaks private labels and milestones - Prevent privilege escalation via "impersonate" feature - - Prevent users from deleting Webhooks via API they do not own - - Prevent information disclosure via snippet API + - Prevent privilege escalation via notes API + - Prevent privilege escalation via project webhook API + - Prevent XSS via `window.opener` + - Prevent information disclosure via project labels - Prevent information disclosure via new merge request page v 8.2.4 |