From 51840698678d15c53fff9c29cb083045305486a1 Mon Sep 17 00:00:00 2001 From: Luke Bennett Date: Mon, 5 Feb 2018 13:37:15 +0000 Subject: Update CHANGELOG.md for 10.4.3 [ci skip] --- CHANGELOG.md | 10 ++++++++++ changelogs/unreleased/fix-gh-namespace-issue.yml | 5 ----- changelogs/unreleased/fix-stored-xss-in-code-blocks.yml | 5 ----- changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml | 5 ----- .../security-10-4-todo-api-reveals-sensitive-information.yml | 5 ----- 5 files changed, 10 insertions(+), 20 deletions(-) delete mode 100644 changelogs/unreleased/fix-gh-namespace-issue.yml delete mode 100644 changelogs/unreleased/fix-stored-xss-in-code-blocks.yml delete mode 100644 changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml delete mode 100644 changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f6a1234219..92a4be90071 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 10.4.3 (2018-02-05) + +### Security (4 changes) + +- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers. +- Fix stored XSS in code blocks that ignore highlighting. +- Fix wilcard protected tags protecting all branches. +- Restrict Todo API mark_as_done endpoint to the user's todos only. + + ## 10.4.2 (2018-01-30) ### Fixed (6 changes) diff --git a/changelogs/unreleased/fix-gh-namespace-issue.yml b/changelogs/unreleased/fix-gh-namespace-issue.yml deleted file mode 100644 index 2db7abb9d58..00000000000 --- a/changelogs/unreleased/fix-gh-namespace-issue.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers -merge_request: -author: -type: security diff --git a/changelogs/unreleased/fix-stored-xss-in-code-blocks.yml b/changelogs/unreleased/fix-stored-xss-in-code-blocks.yml deleted file mode 100644 index b595459ee6b..00000000000 --- a/changelogs/unreleased/fix-stored-xss-in-code-blocks.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix stored XSS in code blocks that ignore highlighting -merge_request: -author: -type: security diff --git a/changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml b/changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml deleted file mode 100644 index 27219b096af..00000000000 --- a/changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix wilcard protected tags protecting all branches -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml b/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml deleted file mode 100644 index 329825d1e73..00000000000 --- a/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Restrict Todo API mark_as_done endpoint to the user's todos only -merge_request: -author: -type: security -- cgit v1.2.3