Commit e3bcddf2 authored by Robert Speicher

Update CHANGELOG for 8.3.9

[ci skip]
parent a0ebf759
Please view this file on the master branch, on stable branches it's out of date.
v 8.3.9
- Fix a window.opener bug that could lead to XSS and open redirects
- Prevent XSS via custom issue tracker URL
- Fix vulnerability that leaks private labels and milestones
- Prevent privilege escalation via "impersonate" feature
- Prevent users from deleting Webhooks via API they do not own
- Prevent information disclosure via snippet API
- Prevent privilege escalation via notes API
- Prevent privilege escalation via project webhook API
- Prevent XSS via custom issue tracker URL
- Prevent XSS via `window.opener`
- Prevent information disclosure via project labels
- Prevent information disclosure via new merge request page
v 8.3.8
......
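Review bot: the v 8.3.9 list repeats entries: "Prevent XSS via custom issue tracker URL" appears twice word for word, and "Fix a window.opener bug that could lead to XSS and open redirects" and "Prevent XSS via `window.opener`" read as the same fix described two ways. Drop the duplicate line and merge the two `window.opener` entries, keeping the wording that mentions open redirects so that impact stays in the release notes. The two label entries ("Fix vulnerability that leaks private labels and milestones" and "Prevent information disclosure via project labels") are worth checking as well: if they are one fix, keep a single line; if they are separate fixes, each line should say what distinguishes it.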