diff options
author | Robert Speicher <robert@gitlab.com> | 2016-09-28 18:02:12 +0300 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-09-28 19:35:09 +0300 |
commit | 1b76627f8f9a4199e39bb8e5c584af3afc2e4b94 (patch) | |
tree | d4b4ff5e54a1933e503fae340357704bcc126cdd /CHANGELOG | |
parent | 2125db47ceb4e6cbaae0197c96495f2cf9c028c1 (diff) |
Merge branch 'fix/escape-builds-commands-in-ci-linter' into 'security'
Escape HTML nodes in builds commands in ci linter
This MR removes call to `simple_format` that behaves like `String#html_safe`, thus it passes unescaped HTML tags to the view.
Closes #22541
See merge request !2001
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'CHANGELOG')
-rw-r--r-- | CHANGELOG | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index 23fef89107b..0a25357dbc5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,6 +4,7 @@ v 8.9.11 - Respect the fork_project permission when forking projects - Set a restrictive CORS policy on the API for credentialed requests - API: disable rails session auth for non-GET/HEAD requests + - Escape HTML nodes in builds commands in CI linter v 8.9.10 - Allow the Rails cookie to be used for API authentication. |