author | Marin Jankovski <maxlazio@gmail.com> | 2019-07-03 12:55:42 +0300 |
---|---|---|
committer | Marin Jankovski <maxlazio@gmail.com> | 2019-07-03 12:55:42 +0300 |
commit | 49d689fb3c7781c861f995aaafef4b224581020b (patch) | |
tree | d13db636b3756f7985431420f0aae6f0b234b14a /changelogs | |
parent | ab0c3e086f5c0fc3eeb1335bbe4c8de02676dc16 (diff) | |
parent | bebbb43f7133cc03c3a9944d2a4b9586a6a0d06f (diff) |
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
Diffstat (limited to 'changelogs')
9 files changed, 45 insertions, 0 deletions
diff --git a/changelogs/unreleased/osw-persist-tmp-snippet-uploads.yml b/changelogs/unreleased/osw-persist-tmp-snippet-uploads.yml
new file mode 100644
index 00000000000..9348626c41d
--- /dev/null
+++ b/changelogs/unreleased/osw-persist-tmp-snippet-uploads.yml
@@ -0,0 +1,5 @@
+---
+title: Persist tmp snippet uploads at users
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-2858-fix-color-validation.yml b/changelogs/unreleased/security-2858-fix-color-validation.yml
new file mode 100644
index 00000000000..3430207a2b6
--- /dev/null
+++ b/changelogs/unreleased/security-2858-fix-color-validation.yml
@@ -0,0 +1,5 @@
+---
+title: Fix DoS vulnerability in color validation regex
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-59581-related-merge-requests-count.yml b/changelogs/unreleased/security-59581-related-merge-requests-count.yml
new file mode 100644
index 00000000000..83faa2f7c13
--- /dev/null
+++ b/changelogs/unreleased/security-59581-related-merge-requests-count.yml
@@ -0,0 +1,5 @@
+---
+title: Expose merge requests count based on user access
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-DOS_issue_comments_banzai.yml b/changelogs/unreleased/security-DOS_issue_comments_banzai.yml
new file mode 100644
index 00000000000..2405b1a4f5f
--- /dev/null
+++ b/changelogs/unreleased/security-DOS_issue_comments_banzai.yml
@@ -0,0 +1,5 @@
+---
+title: Fix Denial of Service for comments when rendering issues/MR comments
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-bvl-enforce-graphql-type-authorization.yml b/changelogs/unreleased/security-bvl-enforce-graphql-type-authorization.yml
new file mode 100644
index 00000000000..7dedb9f6230
--- /dev/null
+++ b/changelogs/unreleased/security-bvl-enforce-graphql-type-authorization.yml
@@ -0,0 +1,5 @@
+---
+title: Add missing authorizations in GraphQL
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-fp-prevent-billion-laughs-attack.yml b/changelogs/unreleased/security-fp-prevent-billion-laughs-attack.yml
new file mode 100644
index 00000000000..4e0cf848931
--- /dev/null
+++ b/changelogs/unreleased/security-fp-prevent-billion-laughs-attack.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent Billion Laughs attack
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-mr-head-pipeline-leak.yml b/changelogs/unreleased/security-mr-head-pipeline-leak.yml
new file mode 100644
index 00000000000..fe8c4dfb3c8
--- /dev/null
+++ b/changelogs/unreleased/security-mr-head-pipeline-leak.yml
@@ -0,0 +1,5 @@
+---
+title: Gate MR head_pipeline behind read_pipeline ability.
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-notes-in-private-snippets.yml b/changelogs/unreleased/security-notes-in-private-snippets.yml
new file mode 100644
index 00000000000..907d98cb16d
--- /dev/null
+++ b/changelogs/unreleased/security-notes-in-private-snippets.yml
@@ -0,0 +1,5 @@
+---
+title: Correctly check permissions when creating snippet notes
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-prevent-detection-of-merge-request-template-name.yml b/changelogs/unreleased/security-prevent-detection-of-merge-request-template-name.yml
new file mode 100644
index 00000000000..d7bb884cb4b
--- /dev/null
+++ b/changelogs/unreleased/security-prevent-detection-of-merge-request-template-name.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent the detection of merge request templates by unauthorized users
+merge_request:
+author:
+type: security |