Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
4c887a19
Commit
4c887a19
authored
Feb 28, 2019
by
GitLab Release Tools Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update CHANGELOG.md for 11.6.10
[ci skip]
parent
d40a3809
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
27 additions
and
0 deletions
+27
-0
CHANGELOG.md
CHANGELOG.md
+27
-0
No files found.
CHANGELOG.md
View file @
4c887a19
...
...
@@ -486,6 +486,33 @@ entry.
-
Update url placeholder for the sentry configuration page. !24338
## 11.6.10 (2019-02-28)
### Security (21 changes)
-
Stop linking to unrecognized package sources. !55518
-
Check snippet attached file to be moved is within designated directory.
-
Fix potential Addressable::URI::InvalidURIError.
-
Do not display impersonated sessions under active sessions and remove ability to revoke session.
-
Display only information visible to current user on the Milestone page.
-
Show only merge requests visible to user on milestone detail page.
-
Disable issue boards API when issues are disabled.
-
Don't show new issue link after move when a user does not have permissions.
-
Fix git clone revealing private repo's presence.
-
Fix blind SSRF in Prometheus integration by checking URL before querying.
-
Check if desired milestone for an issue is available.
-
Don't allow non-members to see private related MRs.
-
Fix arbitrary file read via diffs during import.
-
Display the correct number of MRs a user has access to.
-
Forbid creating discussions for users with restricted access.
-
Do not disclose milestone titles for unauthorized users.
-
Validate session key when authorizing with GCP to create a cluster.
-
Block local URLs for Kubernetes integration.
-
Limit mermaid rendering to 5K characters.
-
Remove the possibility to share a project with a group that a user is not a member of.
-
Fix leaking private repository information in API.
## 11.6.8 (2019-01-30)
-
No changes.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment