Merge branch 'rs-issue-15126' into 'master'

Remove persistent XSS vulnerability in `commit_person_link` helper Because we were incorrectly supplying the tooltip title as `data-original-title` (which Bootstrap's Tooltip JS automatically applies based on the `title` attribute; we should never be setting it directly), the value was being passed through as-is. Instead, we should be supplying the normal `title` attribute and letting Rails escape the value, which also negates the need for us to call `sanitize` on it. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15126 See merge request !1948 Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Douwe Maan <douwe@gitlab.com> 2016-04-19 18:16:00 +0300
committer: Rémy Coutable <remy@rymai.me> 2016-04-19 18:35:32 +0300
commit: 2c9cd67f78ea5cebc8fa4c57027990589bea0d2d (patch)
tree: a3f91abb3461fe02049d387ffa494388934c4f16 /CHANGELOG
parent: 93e923fc044f4d686b72a6db882620c538727f9b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index eb2df0e39c8..abd6b4ad3e7 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,7 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
 v 8.5.11
-  - No changes
+  - Fix persistent XSS vulnerability in `commit_person_link` helper
 
 v 8.5.10
   - Fix a 2FA authentication spoofing vulnerability.
author	Douwe Maan <douwe@gitlab.com>	2016-04-19 18:16:00 +0300
committer	Rémy Coutable <remy@rymai.me>	2016-04-19 18:35:32 +0300
commit	2c9cd67f78ea5cebc8fa4c57027990589bea0d2d (patch)
tree	a3f91abb3461fe02049d387ffa494388934c4f16 /CHANGELOG
parent	93e923fc044f4d686b72a6db882620c538727f9b (diff)