diff options
-rw-r--r-- | CHANGELOG.md | 14 | ||||
-rw-r--r-- | changelogs/unreleased/48617-promoting-milestone.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/event-counters-private-data.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/pr-importer-project-name.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/security-fj-missing-csrf-system-hooks.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/security-ide-branch-name-xss.yml | 5 |
6 files changed, 14 insertions, 25 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8632350ae85..7d48a173de4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,20 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.8.7 (2018-07-26) + +### Security (4 changes) + +- Don't expose project names in various counters. +- Don't expose project names in GitHub counters. +- Adding CSRF protection to Hooks test action. +- Fixed XSS in branch name in Web IDE. + +### Fixed (1 change) + +- Escapes milestone and label's names on flash notice when promoting them. + + ## 10.8.6 (2018-07-17) ### Security (2 changes) diff --git a/changelogs/unreleased/48617-promoting-milestone.yml b/changelogs/unreleased/48617-promoting-milestone.yml deleted file mode 100644 index 7fbc15051cf..00000000000 --- a/changelogs/unreleased/48617-promoting-milestone.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Escapes milestone and label's names on flash notice when promoting them -merge_request: -author: -type: fixed diff --git a/changelogs/unreleased/event-counters-private-data.yml b/changelogs/unreleased/event-counters-private-data.yml deleted file mode 100644 index 3dbd8a4ed9c..00000000000 --- a/changelogs/unreleased/event-counters-private-data.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't expose project names in various counters -merge_request: -author: -type: security diff --git a/changelogs/unreleased/pr-importer-project-name.yml b/changelogs/unreleased/pr-importer-project-name.yml deleted file mode 100644 index 3b01b048589..00000000000 --- a/changelogs/unreleased/pr-importer-project-name.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't expose project names in GitHub counters -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fj-missing-csrf-system-hooks.yml b/changelogs/unreleased/security-fj-missing-csrf-system-hooks.yml deleted file mode 100644 index fabf48acbbc..00000000000 --- a/changelogs/unreleased/security-fj-missing-csrf-system-hooks.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Adding CSRF protection to Hooks test action -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-ide-branch-name-xss.yml b/changelogs/unreleased/security-ide-branch-name-xss.yml deleted file mode 100644 index 51742ffa4e9..00000000000 --- a/changelogs/unreleased/security-ide-branch-name-xss.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fixed XSS in branch name in Web IDE -merge_request: -author: -type: security |