diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-01-29 23:35:05 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-31 16:52:51 +0100 |
commit | db6406ea12238d8020239409a057220ea6e56479 (patch) | |
tree | 3580a8e65d7191c1a988f6b709312de1e09d40c2 | |
parent | fc5ebc3cb8ba366a199219a71f9fb7da30ef0001 (diff) | |
download | gitlab-ce-db6406ea12238d8020239409a057220ea6e56479.tar.gz |
Update CHANGELOG.md for 11.7.2
[ci skip]
-rw-r--r-- | CHANGELOG.md | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 98c4c8f9233..594a632f0da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,40 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.7.2 (2019-01-29) + +### Security (24 changes) + +- Make potentially malicious links more visible in the UI and scrub RTLO chars from links. !2770 +- Don't process MR refs for guests in the notes. !2771 +- Sanitize user full name to clean up any URL to prevent mail clients from auto-linking URLs. !2828 +- Fixed XSS content in KaTex links. +- Disallows unauthorized users from accessing the pipelines section. +- Verify that LFS upload requests are genuine. +- Extract GitLab Pages using RubyZip. +- Prevent awarding emojis to notes whose parent is not visible to user. +- Prevent unauthorized replies when discussion is locked or confidential. +- Disable git v2 protocol temporarily. +- Fix showing ci status for guest users when public pipline are not set. +- Fix contributed projects info still visible when user enable private profile. +- Add subresources removal to member destroy service. +- Add more LFS validations to prevent forgery. +- Use common error for unauthenticated users when creating issues. +- Fix slow regex in project reference pattern. +- Fix private user email being visible in push (and tag push) webhooks. +- Fix wiki access rights when external wiki is enabled. +- Group guests are no longer able to see merge requests they don't have access to at group level. +- Fix path disclosure on project import error. +- Restrict project import visibility based on its group. +- Expose CI/CD trigger token only to the trigger owner. +- Notify only users who can access the project on project move. +- Alias GitHub and BitBucket OAuth2 callback URLs. + +### Fixed (1 change) + +- Fix uninitialized constant with GitLab Pages. + + ## 11.7.1 (2019-01-28) ### Security (24 changes) |