
Diffstat (limited to 'changelogs/unreleased')
-rw-r--r--changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml5
-rw-r--r--changelogs/unreleased/jl-bump-rdoc-6-1-2.yml5
-rw-r--r--changelogs/unreleased/security-13-update-ruby-zip-pages-master.yml5
-rw-r--r--changelogs/unreleased/security-35235-todos-cleanup.yml5
-rw-r--r--changelogs/unreleased/security-dos-via-asciidoc-includes.yml5
-rw-r--r--changelogs/unreleased/security-fix-grafana-token-leaked-in-plain-to-other-maintainers.yml5
-rw-r--r--changelogs/unreleased/security-fix-xss-on-project-templates.yml5
-rw-r--r--changelogs/unreleased/security-proctect-internal-builds-from-external-overrides.yml5
-rw-r--r--changelogs/unreleased/security-reference-check.yml5
-rw-r--r--changelogs/unreleased/security-reverse-polarity-of-branch-compare.yml5
-rw-r--r--changelogs/unreleased/security-update-excon-cve-2019-16779.yml5
-rw-r--r--changelogs/unreleased/security-workhorse-package-bypass-12-6.yml5
12 files changed, 60 insertions, 0 deletions
diff --git a/changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml b/changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml
new file mode 100644
index 00000000000..d54a7d885d1
--- /dev/null
+++ b/changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml
@@ -0,0 +1,5 @@
+---
+title: Update rack-cors to 1.0.6
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/jl-bump-rdoc-6-1-2.yml b/changelogs/unreleased/jl-bump-rdoc-6-1-2.yml
new file mode 100644
index 00000000000..69c37e121a5
--- /dev/null
+++ b/changelogs/unreleased/jl-bump-rdoc-6-1-2.yml
@@ -0,0 +1,5 @@
+---
+title: Update rdoc to 6.1.2
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-13-update-ruby-zip-pages-master.yml b/changelogs/unreleased/security-13-update-ruby-zip-pages-master.yml
new file mode 100644
index 00000000000..976ce6f90b3
--- /dev/null
+++ b/changelogs/unreleased/security-13-update-ruby-zip-pages-master.yml
@@ -0,0 +1,5 @@
+---
+title: Bump rubyzip to 2.0.0
+merge_request:
+author: Utkarsh Gupta
+type: security
diff --git a/changelogs/unreleased/security-35235-todos-cleanup.yml b/changelogs/unreleased/security-35235-todos-cleanup.yml
new file mode 100644
index 00000000000..119220fbc73
--- /dev/null
+++ b/changelogs/unreleased/security-35235-todos-cleanup.yml
@@ -0,0 +1,5 @@
+---
+title: Cleanup todos for users from a removed linked group
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-dos-via-asciidoc-includes.yml b/changelogs/unreleased/security-dos-via-asciidoc-includes.yml
new file mode 100644
index 00000000000..8fc3bd32316
--- /dev/null
+++ b/changelogs/unreleased/security-dos-via-asciidoc-includes.yml
@@ -0,0 +1,5 @@
+---
+title: Limit number of AsciiDoc includes per document
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-fix-grafana-token-leaked-in-plain-to-other-maintainers.yml b/changelogs/unreleased/security-fix-grafana-token-leaked-in-plain-to-other-maintainers.yml
new file mode 100644
index 00000000000..a44005f8dac
--- /dev/null
+++ b/changelogs/unreleased/security-fix-grafana-token-leaked-in-plain-to-other-maintainers.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-fix-xss-on-project-templates.yml b/changelogs/unreleased/security-fix-xss-on-project-templates.yml
new file mode 100644
index 00000000000..2930bbaff87
--- /dev/null
+++ b/changelogs/unreleased/security-fix-xss-on-project-templates.yml
@@ -0,0 +1,5 @@
+---
+title: Fix XSS vulnerability on custom project templates form
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-proctect-internal-builds-from-external-overrides.yml b/changelogs/unreleased/security-proctect-internal-builds-from-external-overrides.yml
new file mode 100644
index 00000000000..b540172d95c
--- /dev/null
+++ b/changelogs/unreleased/security-proctect-internal-builds-from-external-overrides.yml
@@ -0,0 +1,5 @@
+---
+title: Protect internal CI builds from external overrides
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-reference-check.yml b/changelogs/unreleased/security-reference-check.yml
new file mode 100644
index 00000000000..f33cea66eb1
--- /dev/null
+++ b/changelogs/unreleased/security-reference-check.yml
@@ -0,0 +1,5 @@
+---
+title: Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-reverse-polarity-of-branch-compare.yml b/changelogs/unreleased/security-reverse-polarity-of-branch-compare.yml
new file mode 100644
index 00000000000..db6a4f064a4
--- /dev/null
+++ b/changelogs/unreleased/security-reverse-polarity-of-branch-compare.yml
@@ -0,0 +1,5 @@
+---
+title: Make cross-repository comparisons happen in the source repository
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-update-excon-cve-2019-16779.yml b/changelogs/unreleased/security-update-excon-cve-2019-16779.yml
new file mode 100644
index 00000000000..e849dc92848
--- /dev/null
+++ b/changelogs/unreleased/security-update-excon-cve-2019-16779.yml
@@ -0,0 +1,5 @@
+---
+title: Update excon to 0.71.1 to fix CVE-2019-16779
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-workhorse-package-bypass-12-6.yml b/changelogs/unreleased/security-workhorse-package-bypass-12-6.yml
new file mode 100644
index 00000000000..bb9aa0a2bf1
--- /dev/null
+++ b/changelogs/unreleased/security-workhorse-package-bypass-12-6.yml
@@ -0,0 +1,5 @@
+---
+title: Add workhorse request verification to package upload endpoints
+merge_request:
+author:
+type: security