gitlab.com/gitlab-org/gitlab-foss.git
author: Robert Speicher <rspeicher@gmail.com> 2016-04-27 00:57:27 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2016-04-27 00:57:27 +0300
commit: 8e00d01072ca35027d9ea0ad6c7f48c9ffe4f917
tree: a326f32548ce62582133690b7d6e32822adb610c
parent: 0f295530fe933aeeca1076e338ff19f171c40dc4
Update CHANGELOG for 8.5.12
[ci skip]
-rw-r--r-- CHANGELOG 9
1 files changed, 5 insertions, 4 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 6ad2ce43d14..9a28db2b1b0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,13 +1,14 @@
Please view this file on the master branch, on stable branches it's out of date.
v 8.5.12
- - Fix a window.opener bug that could lead to XSS and open redirects
+ - Prevent privilege escalation via "impersonate" feature
+ - Prevent privilege escalation via notes API
+ - Prevent privilege escalation via project webhook API
- Prevent XSS via Git branch and tag names
- Prevent XSS via custom issue tracker URL
- - Fix vulnerability that leaks private labels and milestones
- - Prevent privilege escalation via "impersonate" feature
- - Prevent users from deleting Webhooks via API they do not own
+ - Prevent XSS via `window.opener`
- Prevent information disclosure via snippet API
+ - Prevent information disclosure via project labels
- Prevent information disclosure via new merge request page
v 8.5.11
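Review bot: the removed entry "Fix vulnerability that leaks private labels and milestones" is replaced by "Prevent information disclosure via project labels", so milestones no longer appear anywhere in the v 8.5.12 list. If the fix still covers milestones, keep them in the wording (for example "via project labels and milestones") so readers assessing exposure do not miss it. The same loss of detail applies to the webhook line: "Prevent users from deleting Webhooks via API they do not own" named the affected action, while "Prevent privilege escalation via project webhook API" does not. The added "Prevent privilege escalation via notes API" line has no counterpart among the removed lines, so it is worth confirming that this fix ships in 8.5.12 and is not a reworded duplicate of another entry.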