-rw-r--r--changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml5
-rw-r--r--changelogs/unreleased/security-bvl-filter-mr-params.yml5
-rw-r--r--changelogs/unreleased/security-dns-ssrf-bypass.yml5
-rw-r--r--changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml5
-rw-r--r--changelogs/unreleased/security-hide_moved_issue_id.yml5
-rw-r--r--changelogs/unreleased/security-mr-pipeline-permissions.yml5
-rw-r--r--changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml5
7 files changed, 35 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml b/changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml
new file mode 100644
index 00000000000..a8a26d5fc56
--- /dev/null
+++ b/changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml
@@ -0,0 +1,5 @@
+---
+title: Patch XSS issue in wiki links
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-bvl-filter-mr-params.yml b/changelogs/unreleased/security-bvl-filter-mr-params.yml
new file mode 100644
index 00000000000..4433ec73b7c
--- /dev/null
+++ b/changelogs/unreleased/security-bvl-filter-mr-params.yml
@@ -0,0 +1,5 @@
+---
+title: Filter merge request params on the new merge request page
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-dns-ssrf-bypass.yml b/changelogs/unreleased/security-dns-ssrf-bypass.yml
new file mode 100644
index 00000000000..e48696ce5bd
--- /dev/null
+++ b/changelogs/unreleased/security-dns-ssrf-bypass.yml
@@ -0,0 +1,5 @@
+---
+title: Fix Server Side Request Forgery mitigation bypass
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml b/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml
new file mode 100644
index 00000000000..9526f3c559f
--- /dev/null
+++ b/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml
@@ -0,0 +1,5 @@
+---
+title: Show badges if pipelines are public otherwise default to project permissions.
+erge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-hide_moved_issue_id.yml b/changelogs/unreleased/security-hide_moved_issue_id.yml
new file mode 100644
index 00000000000..24353d797c9
--- /dev/null
+++ b/changelogs/unreleased/security-hide_moved_issue_id.yml
@@ -0,0 +1,5 @@
+---
+title: Do not show moved issue id for users that cannot read issue
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-mr-pipeline-permissions.yml b/changelogs/unreleased/security-mr-pipeline-permissions.yml
new file mode 100644
index 00000000000..a317c93228c
--- /dev/null
+++ b/changelogs/unreleased/security-mr-pipeline-permissions.yml
@@ -0,0 +1,5 @@
+---
+title: Use source project as permissions reference for MergeRequestsController#pipelines
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml b/changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml
new file mode 100644
index 00000000000..201f66e1f18
--- /dev/null
+++ b/changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml
@@ -0,0 +1,5 @@
+---
+title: Drop feature to take ownership of trigger token.
+merge_request:
+author:
+type: security