From 91bcd5a8ea4806c5b73eeddaf91ae206419e71e3 Mon Sep 17 00:00:00 2001 From: Robert Speicher Date: Thu, 28 Mar 2019 15:18:52 +0100 Subject: Revert "Update CHANGELOG.md for 11.8.5" This reverts commit 7128e69c5c5beaa7a2c361cc6d5b35d73daa8dc7. --- changelogs/unreleased/disallow-guests-to-access-releases.yml | 5 +++++ changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml | 5 +++++ changelogs/unreleased/security-56224.yml | 5 +++++ .../unreleased/security-56927-xss-resolve-conflicts-branch-name.yml | 5 +++++ changelogs/unreleased/security-exif-migration.yml | 5 +++++ changelogs/unreleased/security-mass-assignment-on-project-update.yml | 5 +++++ changelogs/unreleased/use-untrusted-regexp.yml | 5 +++++ 7 files changed, 35 insertions(+) create mode 100644 changelogs/unreleased/disallow-guests-to-access-releases.yml create mode 100644 changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml create mode 100644 changelogs/unreleased/security-56224.yml create mode 100644 changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml create mode 100644 changelogs/unreleased/security-exif-migration.yml create mode 100644 changelogs/unreleased/security-mass-assignment-on-project-update.yml create mode 100644 changelogs/unreleased/use-untrusted-regexp.yml (limited to 'changelogs/unreleased') diff --git a/changelogs/unreleased/disallow-guests-to-access-releases.yml b/changelogs/unreleased/disallow-guests-to-access-releases.yml new file mode 100644 index 00000000000..f2d518108d2 --- /dev/null +++ b/changelogs/unreleased/disallow-guests-to-access-releases.yml @@ -0,0 +1,5 @@ +--- +title: Disallow guest users from accessing Releases +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml new file mode 100644 index 00000000000..e5d0cd4fee1 --- /dev/null +++ b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml @@ -0,0 +1,5 @@ +--- +title: Fix PDF.js vulnerability +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-56224.yml b/changelogs/unreleased/security-56224.yml new file mode 100644 index 00000000000..a4e274e6ca5 --- /dev/null +++ b/changelogs/unreleased/security-56224.yml @@ -0,0 +1,5 @@ +--- +title: Hide "related branches" when user does not have permission +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml new file mode 100644 index 00000000000..f92d2c0dcb1 --- /dev/null +++ b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml @@ -0,0 +1,5 @@ +--- +title: Fix XSS in resolve conflicts form +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-exif-migration.yml b/changelogs/unreleased/security-exif-migration.yml new file mode 100644 index 00000000000..cc529099df5 --- /dev/null +++ b/changelogs/unreleased/security-exif-migration.yml @@ -0,0 +1,5 @@ +--- +title: Added rake task for removing EXIF data from existing uploads. +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-mass-assignment-on-project-update.yml b/changelogs/unreleased/security-mass-assignment-on-project-update.yml new file mode 100644 index 00000000000..93561cd91b3 --- /dev/null +++ b/changelogs/unreleased/security-mass-assignment-on-project-update.yml @@ -0,0 +1,5 @@ +--- +title: Disallow updating namespace when updating a project +merge_request: +author: +type: security diff --git a/changelogs/unreleased/use-untrusted-regexp.yml b/changelogs/unreleased/use-untrusted-regexp.yml new file mode 100644 index 00000000000..dd7f1bcaca1 --- /dev/null +++ b/changelogs/unreleased/use-untrusted-regexp.yml @@ -0,0 +1,5 @@ +--- +title: Use UntrustedRegexp for matching refs policy +merge_request: +author: +type: security -- cgit v1.2.3