diff options
Diffstat (limited to 'changelogs')
25 files changed, 0 insertions, 127 deletions
diff --git a/changelogs/unreleased/11-6-security-stored-xss-via-katex.yml b/changelogs/unreleased/11-6-security-stored-xss-via-katex.yml deleted file mode 100644 index a71ae1123f2..00000000000 --- a/changelogs/unreleased/11-6-security-stored-xss-via-katex.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fixed XSS content in KaTex links -merge_request: -author: -type: security diff --git a/changelogs/unreleased/blackst0ne-bump-rails-cve-2018-16476.yml b/changelogs/unreleased/blackst0ne-bump-rails-cve-2018-16476.yml deleted file mode 100644 index fc8af425779..00000000000 --- a/changelogs/unreleased/blackst0ne-bump-rails-cve-2018-16476.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Bump Ruby on Rails to 4.2.11 -merge_request: -author: "@blackst0ne" -type: security diff --git a/changelogs/unreleased/extract-pages-with-rubyzip.yml b/changelogs/unreleased/extract-pages-with-rubyzip.yml deleted file mode 100644 index 8352e79d3e5..00000000000 --- a/changelogs/unreleased/extract-pages-with-rubyzip.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Extract GitLab Pages using RubyZip -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-11-6-22076-sanitize-url-in-names.yml b/changelogs/unreleased/security-11-6-22076-sanitize-url-in-names.yml deleted file mode 100644 index f28ab554660..00000000000 --- a/changelogs/unreleased/security-11-6-22076-sanitize-url-in-names.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Sanitize user full name to clean up any URL to prevent mail clients from auto-linking - URLs -merge_request: 2829 -author: -type: security diff --git a/changelogs/unreleased/security-11-6-test-permissions.yml b/changelogs/unreleased/security-11-6-test-permissions.yml deleted file mode 100644 index cfb69fdcb1e..00000000000 --- a/changelogs/unreleased/security-11-6-test-permissions.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Disallows unauthorized users from accessing the pipelines section. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2767-verify-lfs-finalize-from-workhorse.yml b/changelogs/unreleased/security-2767-verify-lfs-finalize-from-workhorse.yml deleted file mode 100644 index e79e3263df7..00000000000 --- a/changelogs/unreleased/security-2767-verify-lfs-finalize-from-workhorse.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Verify that LFS upload requests are genuine -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2769-idn-homograph-attack.yml b/changelogs/unreleased/security-2769-idn-homograph-attack.yml deleted file mode 100644 index a014b522c96..00000000000 --- a/changelogs/unreleased/security-2769-idn-homograph-attack.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Make potentially malicious links more visible in the UI and scrub RTLO chars from links -merge_request: 2770 -author: -type: security diff --git a/changelogs/unreleased/security-2776-fix-add-reaction-permissions.yml b/changelogs/unreleased/security-2776-fix-add-reaction-permissions.yml deleted file mode 100644 index 3ad92578c44..00000000000 --- a/changelogs/unreleased/security-2776-fix-add-reaction-permissions.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent awarding emojis to notes whose parent is not visible to user -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2779-fix-email-comment-permissions-check.yml b/changelogs/unreleased/security-2779-fix-email-comment-permissions-check.yml deleted file mode 100644 index 2f76064d8a4..00000000000 --- a/changelogs/unreleased/security-2779-fix-email-comment-permissions-check.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent unauthorized replies when discussion is locked or confidential -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml b/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml deleted file mode 100644 index 30a08a98e83..00000000000 --- a/changelogs/unreleased/security-2780-disable-git-v2-protocol.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Disable git v2 protocol temporarily -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-commit-status-shown-for-guest-user.yml b/changelogs/unreleased/security-commit-status-shown-for-guest-user.yml deleted file mode 100644 index a80170091d0..00000000000 --- a/changelogs/unreleased/security-commit-status-shown-for-guest-user.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix showing ci status for guest users when public pipline are not set -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-contributed-projects.yml b/changelogs/unreleased/security-contributed-projects.yml deleted file mode 100644 index f745a2255ca..00000000000 --- a/changelogs/unreleased/security-contributed-projects.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix contributed projects info still visible when user enable private profile -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-do-not-process-mr-ref-for-guests.yml b/changelogs/unreleased/security-do-not-process-mr-ref-for-guests.yml deleted file mode 100644 index 0281dde11e6..00000000000 --- a/changelogs/unreleased/security-do-not-process-mr-ref-for-guests.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Don't process MR refs for guests in the notes -merge_request: 2771 -author: -type: security diff --git a/changelogs/unreleased/security-fix-lfs-import-project-ssrf-forgery.yml b/changelogs/unreleased/security-fix-lfs-import-project-ssrf-forgery.yml deleted file mode 100644 index b6315ec29d8..00000000000 --- a/changelogs/unreleased/security-fix-lfs-import-project-ssrf-forgery.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Add more LFS validations to prevent forgery -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fix-new-issues-login-message.yml b/changelogs/unreleased/security-fix-new-issues-login-message.yml deleted file mode 100644 index 9dabf2438c9..00000000000 --- a/changelogs/unreleased/security-fix-new-issues-login-message.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Use common error for unauthenticated users when creating issues -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fix-regex-dos.yml b/changelogs/unreleased/security-fix-regex-dos.yml deleted file mode 100644 index b08566d2f15..00000000000 --- a/changelogs/unreleased/security-fix-regex-dos.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix slow regex in project reference pattern -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fix-user-email-tag-push-leak.yml b/changelogs/unreleased/security-fix-user-email-tag-push-leak.yml deleted file mode 100644 index 915ea7b5216..00000000000 --- a/changelogs/unreleased/security-fix-user-email-tag-push-leak.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix private user email being visible in push (and tag push) webhooks -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fix-wiki-access-rights-with-external-wiki-enabled.yml b/changelogs/unreleased/security-fix-wiki-access-rights-with-external-wiki-enabled.yml deleted file mode 100644 index d5f20b87a90..00000000000 --- a/changelogs/unreleased/security-fix-wiki-access-rights-with-external-wiki-enabled.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix wiki access rights when external wiki is enabled -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-guests-can-see-list-of-merge-requests.yml b/changelogs/unreleased/security-guests-can-see-list-of-merge-requests.yml deleted file mode 100644 index f5b74011829..00000000000 --- a/changelogs/unreleased/security-guests-can-see-list-of-merge-requests.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Group guests are no longer able to see merge requests they don't have access - to at group level -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-import-path-logging.yml b/changelogs/unreleased/security-import-path-logging.yml deleted file mode 100644 index 2ba2d88d82a..00000000000 --- a/changelogs/unreleased/security-import-path-logging.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix path disclosure on project import error -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-import-project-visibility.yml b/changelogs/unreleased/security-import-project-visibility.yml deleted file mode 100644 index 04ae172a9a1..00000000000 --- a/changelogs/unreleased/security-import-project-visibility.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Restrict project import visibility based on its group -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-pipeline-trigger-tokens-exposure.yml b/changelogs/unreleased/security-pipeline-trigger-tokens-exposure.yml deleted file mode 100644 index 97d743eead1..00000000000 --- a/changelogs/unreleased/security-pipeline-trigger-tokens-exposure.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Expose CI/CD trigger token only to the trigger owner -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-project-move-users.yml b/changelogs/unreleased/security-project-move-users.yml deleted file mode 100644 index 744df68651f..00000000000 --- a/changelogs/unreleased/security-project-move-users.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Notify only users who can access the project on project move. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-fix-issue-56663-11-6.yml b/changelogs/unreleased/sh-fix-issue-56663-11-6.yml deleted file mode 100644 index addf327b69d..00000000000 --- a/changelogs/unreleased/sh-fix-issue-56663-11-6.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Alias GitHub and BitBucket OAuth2 callback URLs -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-fix-pages-zip-constant.yml b/changelogs/unreleased/sh-fix-pages-zip-constant.yml deleted file mode 100644 index fcd8aa45825..00000000000 --- a/changelogs/unreleased/sh-fix-pages-zip-constant.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix uninitialized constant with GitLab Pages -merge_request: -author: -type: fixed |