-rw-r--r-- | CHANGELOG | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/CHANGELOG b/CHANGELOG index 6ad2ce43d14..9a28db2b1b0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,13 +1,14 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.5.12 - - Fix a window.opener bug that could lead to XSS and open redirects + - Prevent privilege escalation via "impersonate" feature + - Prevent privilege escalation via notes API + - Prevent privilege escalation via project webhook API - Prevent XSS via Git branch and tag names - Prevent XSS via custom issue tracker URL - - Fix vulnerability that leaks private labels and milestones - - Prevent privilege escalation via "impersonate" feature - - Prevent users from deleting Webhooks via API they do not own + - Prevent XSS via `window.opener` - Prevent information disclosure via snippet API + - Prevent information disclosure via project labels - Prevent information disclosure via new merge request page v 8.5.11 |
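Review bot: The reworded entries under v 8.5.12 drop scope that the removed lines stated. "Prevent XSS via `window.opener`" no longer mentions the open redirects named in the old "Fix a window.opener bug that could lead to XSS and open redirects", and "Prevent information disclosure via project labels" no longer mentions the milestones named in "Fix vulnerability that leaks private labels and milestones". If those fixes still cover open redirects and milestones, keep the uniform "Prevent ..." wording but retain the detail, for example "Prevent XSS and open redirects via `window.opener`" and "Prevent information disclosure via project labels and milestones", so that anyone triaging the upgrade from the CHANGELOG sees the full impact. Separately, "Prevent privilege escalation via notes API" has no counterpart among the removed lines, and this commit touches only CHANGELOG, so the commit message should say which change in 8.5.12 that entry documents.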