diff options
-rw-r--r-- | CHANGELOG.md | 8 | ||||
-rw-r--r-- | changelogs/unreleased/fix-gitaly-revision-flag-injection.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/security-pages-api-token-recovery.yml | 5 |
3 files changed, 8 insertions, 10 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index d7f4e80078d..5b914ff7409 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.11.8 + +### Security (2 changes) + +- Upgrade Gitaly to 1.42.7 to prevent revision flag injection exploits. +- Upgrade pages to 1.5.1 to prevent gitlab api token recovery from cookie. + + ## 11.11.7 ### Security (9 changes) diff --git a/changelogs/unreleased/fix-gitaly-revision-flag-injection.yml b/changelogs/unreleased/fix-gitaly-revision-flag-injection.yml deleted file mode 100644 index ab72482fb25..00000000000 --- a/changelogs/unreleased/fix-gitaly-revision-flag-injection.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade Gitaly to 1.42.7 to prevent revision flag injection exploits -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-pages-api-token-recovery.yml b/changelogs/unreleased/security-pages-api-token-recovery.yml deleted file mode 100644 index 5b555d0774b..00000000000 --- a/changelogs/unreleased/security-pages-api-token-recovery.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade pages to 1.5.1 to prevent gitlab api token recovery from cookie -merge_request: -author: -type: security |