author | John Jarvis <jarv@gitlab.com> | 2019-04-02 10:12:32 +0200 |
---|---|---|
committer | John Jarvis <jarv@gitlab.com> | 2019-04-02 10:12:32 +0200 |
commit | 69b65a6b745e74bba290787420a0017395fd7c25 (patch) | |
tree | c328963cbe5b340c58c88230d21f338c77462ebd /changelogs/unreleased | |
parent | 1b6fe3ae226e4c6f481c90c886e242fcd96ab11b (diff) | |
parent | 3e81a5baf25d6ecd9ad807a2b8f4238dcc598d5e (diff) | |
download | gitlab-ce-69b65a6b745e74bba290787420a0017395fd7c25.tar.gz |
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq into jarv/dev-to-gitlab-2019-04-02
Diffstat (limited to 'changelogs/unreleased')
8 files changed, 40 insertions, 0 deletions
diff --git a/changelogs/unreleased/disallow-guests-to-access-releases.yml b/changelogs/unreleased/disallow-guests-to-access-releases.yml
new file mode 100644
index 00000000000..f2d518108d2
--- /dev/null
+++ b/changelogs/unreleased/disallow-guests-to-access-releases.yml
@@ -0,0 +1,5 @@
+---
+title: Disallow guest users from accessing Releases
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml
new file mode 100644
index 00000000000..e5d0cd4fee1
--- /dev/null
+++ b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml
@@ -0,0 +1,5 @@
+---
+title: Fix PDF.js vulnerability
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-56224.yml b/changelogs/unreleased/security-56224.yml
new file mode 100644
index 00000000000..a4e274e6ca5
--- /dev/null
+++ b/changelogs/unreleased/security-56224.yml
@@ -0,0 +1,5 @@
+---
+title: Hide "related branches" when user does not have permission
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml
new file mode 100644
index 00000000000..f92d2c0dcb1
--- /dev/null
+++ b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml
@@ -0,0 +1,5 @@
+---
+title: Fix XSS in resolve conflicts form
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-exif-migration.yml b/changelogs/unreleased/security-exif-migration.yml
new file mode 100644
index 00000000000..cc529099df5
--- /dev/null
+++ b/changelogs/unreleased/security-exif-migration.yml
@@ -0,0 +1,5 @@
+---
+title: Added rake task for removing EXIF data from existing uploads.
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-id-potential-denial-languages.yml b/changelogs/unreleased/security-id-potential-denial-languages.yml
new file mode 100644
index 00000000000..2194ecb97dc
--- /dev/null
+++ b/changelogs/unreleased/security-id-potential-denial-languages.yml
@@ -0,0 +1,5 @@
+---
+title: Return cached languages if they've been detected before
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-mass-assignment-on-project-update.yml b/changelogs/unreleased/security-mass-assignment-on-project-update.yml
new file mode 100644
index 00000000000..93561cd91b3
--- /dev/null
+++ b/changelogs/unreleased/security-mass-assignment-on-project-update.yml
@@ -0,0 +1,5 @@
+---
+title: Disallow updating namespace when updating a project
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/use-untrusted-regexp.yml b/changelogs/unreleased/use-untrusted-regexp.yml
new file mode 100644
index 00000000000..dd7f1bcaca1
--- /dev/null
+++ b/changelogs/unreleased/use-untrusted-regexp.yml
@@ -0,0 +1,5 @@
+---
+title: Use UntrustedRegexp for matching refs policy
+merge_request:
+author:
+type: security |