diff options
-rw-r--r-- | CHANGELOG | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG index 24924ea44a6..5be22a3ff6f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,12 +1,12 @@ Please view this file on the master branch, on stable branches it's out of date. v 8.3.9 - - Fix a window.opener bug that could lead to XSS and open redirects - - Prevent XSS via custom issue tracker URL - - Fix vulnerability that leaks private labels and milestones - Prevent privilege escalation via "impersonate" feature - - Prevent users from deleting Webhooks via API they do not own - - Prevent information disclosure via snippet API + - Prevent privilege escalation via notes API + - Prevent privilege escalation via project webhook API + - Prevent XSS via custom issue tracker URL + - Prevent XSS via `window.opener` + - Prevent information disclosure via project labels - Prevent information disclosure via new merge request page v 8.3.8 |