diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-11-07 19:27:35 +0300 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-11-08 16:13:49 +0300 |
commit | 59ecd2c922763a4786857add64007d36a128144c (patch) | |
tree | c78b6b6a7280497eda403c5d0c23686018b229f8 /VERSION | |
parent | f77a64b4fca28fb08a44aae62ec1752dd5e991f9 (diff) |
Merge branch 'markdown-xss-fix-option-2.1' into 'security'
Fix for HackerOne XSS vulnerability in markdown
This is an updated blacklist patch to fix https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2007. No text is removed. Dangerous schemes/protocols and invalid URIs are left intact but not linked.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23153
See merge request !2015
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'VERSION')
0 files changed, 0 insertions, 0 deletions