diff options
author | Jose Ivan Vargas <jvargas@gitlab.com> | 2017-09-07 00:59:04 +0300 |
---|---|---|
committer | Jose Ivan Vargas <jvargas@gitlab.com> | 2017-09-07 00:59:04 +0300 |
commit | 874d0069f6226f6a021a2044ee7b83068e451913 (patch) | |
tree | 6bb919aa8c1e828d1545514e09effef2dc386874 /CHANGELOG.md | |
parent | 841c52c8c4cc0992d87902d038cf21be2452141c (diff) |
Update CHANGELOG.md for 9.5.4
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ee2a2cae21..5fc14f42c5a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 9.5.4 (2017-09-06) + +- [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller) +- [SECURITY] Prevent a persistent XSS in the commit author block. +- Fix XSS issue in go-get handling. +- Resolve CSRF token leakage via pathname manipulation on environments page. +- Fixes race condition in project uploads. +- Disallow arbitrary properties in `th` and `td` `style` attributes. +- Disallow the `name` attribute on all user-provided markup. + ## 9.5.3 (2017-09-03) - [SECURITY] Filter additional secrets from Rails logs. |