Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/CHANGELOG
diff options
context:
space:
mode:
authorRémy Coutable <remy@gitlab.com>2016-04-25 12:26:58 +0300
committerRémy Coutable <remy@rymai.me>2016-04-26 12:04:15 +0300
commit20cb5a7b3ecffac346498bda13184005103c1285 (patch)
treebeadbdcc19d1742ee8a3523c2f6b6b4842dca930 /CHANGELOG
parent88e60bbbcb676274fd4a84ca4bc7f70497a09671 (diff)
Merge branch 'fix-project-hook-delete-permissions' into 'master'
Prevent users from deleting Webhooks via API they do not own Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/15576 See merge request !1959 Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'CHANGELOG')
-rw-r--r--CHANGELOG5
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index c4465c63a06..85c9a1476b4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,10 @@
Please view this file on the master branch, on stable branches it's out of date.
+v 8.2.5
+ - Fix a window.opener bug that could lead to XSS and open redirects
+ - Prevent privilege escalation via "impersonate" feature
+ - Prevent users from deleting Webhooks via API they do not own
+
v 8.2.4
- Bump Git version requirement to 2.7.4
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-14 23:16:51 +0300