Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
375e6dfd
Commit
375e6dfd
authored
May 30, 2019
by
GitLab Release Tools Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update CHANGELOG.md for 11.11.1
[ci skip]
parent
fc8699ef
Changes
13
Hide whitespace changes
Inline
Side-by-side
Showing
13 changed files
with
18 additions
and
60 deletions
+18
-60
CHANGELOG.md
CHANGELOG.md
+18
-0
changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
...ased/osw-disable-dns-rebind-protection-settings-11-11.yml
+0
-5
changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
...eleased/security-58856-persistent-xss-in-note-objects.yml
+0
-5
changelogs/unreleased/security-60039.yml
changelogs/unreleased/security-60039.yml
+0
-5
changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
...leased/security-60143-address-xss-issue-in-wiki-links.yml
+0
-5
changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
...curity-fix-confidential-issue-label-visibility-master.yml
+0
-5
changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
...ased/security-fix-project-existence-disclosure-master.yml
+0
-5
changelogs/unreleased/security-fix_milestones_search_api_leak.yml
...gs/unreleased/security-fix_milestones_search_api_leak.yml
+0
-5
changelogs/unreleased/security-http-hostname-override-11-11.yml
...logs/unreleased/security-http-hostname-override-11-11.yml
+0
-5
changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml
...ed/security-id-leaked-password-in-import-url-frontend.yml
+0
-5
changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
...gs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
+0
-5
changelogs/unreleased/security-pb-fix-get-archive.yml
changelogs/unreleased/security-pb-fix-get-archive.yml
+0
-5
changelogs/unreleased/security-unsubscribing-from-issue.yml
changelogs/unreleased/security-unsubscribing-from-issue.yml
+0
-5
No files found.
CHANGELOG.md
View file @
375e6dfd
...
...
@@ -2,6 +2,24 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 11.11.1 (2019-05-30)
### Security (12 changes)
-
Add DNS rebinding protection settings.
-
Prevent XSS injection in note imports.
-
Prevent invalid branch for merge request.
-
Filter relative links in wiki for XSS.
-
Fix confidential issue label disclosure on milestone view.
-
Fix url redaction for issue links.
-
Resolve: Milestones leaked via search API.
-
Protect Gitlab::HTTP against DNS rebinding attack.
-
Add extra fields for handling basic auth on import by url page.
-
Prevent bypass of restriction disabling web password sign in.
-
Update Gitaly to fix GetArchive vulnerability.
-
Hide confidential issue title on unsubscribe for anonymous users.
## 11.11.0 (2019-05-22)
### Security (1 change)
...
...
changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Add DNS rebinding protection settings
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Prevent XSS injection in note imports
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-60039.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Prevent invalid branch for merge request
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Filter relative links in wiki for XSS
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Fix confidential issue label disclosure on milestone view
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Fix url redaction for issue links
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix_milestones_search_api_leak.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
'
Resolve:
Milestones
leaked
via
search
API'
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-http-hostname-override-11-11.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Protect Gitlab::HTTP against DNS rebinding attack
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Add extra fields for handling basic auth on import by url page
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Prevent bypass of restriction disabling web password sign in
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-pb-fix-get-archive.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Update Gitaly to fix GetArchive vulnerability
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-unsubscribing-from-issue.yml
deleted
100644 → 0
View file @
fc8699ef
---
title
:
Hide confidential issue title on unsubscribe for anonymous users
merge_request
:
author
:
type
:
security
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment