Merge remote-tracking branch 'dev/master'

562c0f45 · Robert Speicher · a84a06e2 · 90666dec · 562c0f45 · 562c0f45
Commit 562c0f45 authored Feb 14, 2017 by Robert Speicher
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 0 deletions

CHANGELOG-EE.md CHANGELOG-EE.md +12 -0

CHANGELOG.md CHANGELOG.md +21 -0

No files found.
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
 Please view this file on the master branch, on stable branches it's out of date.

+## 8.16.5 (2017-02-14)
+
+- No changes.
+
 ## 8.16.4 (2017-02-02)

 - Disable all merge acceptance buttons pending MR approval.
@@ -28,6 +32,10 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Expose issue weight in the API. !1023 (Robert Schilling)
 - Copy <some text> to clipboard. !1048

+## 8.15.6 (2017-02-14)
+
+- No changes.
+
 ## 8.15.5 (2017-01-20)

 - No changes.
@@ -61,6 +69,10 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Geo: Enables nodes to be removed even without proper license. !978
 - Update validates_hostname to 1.0.6 to fix a bug in parsing hexadecimal-looking domain names. !982

+## 8.14.9 (2017-02-14)
+
+- No changes.
+
 ## 8.14.8 (2017-01-25)

 - No changes.

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 8.16.5 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
 ## 8.16.4 (2017-02-02)

 - Support non-ASCII characters in GFM autocomplete. !8729
@@ -174,6 +181,13 @@ entry.
 - Add margin to markdown math blocks.
 - Add hover state to MR comment reply button.

+## 8.15.6 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
 ## 8.15.5 (2017-01-20)

 - Ensure export files are removed after a namespace is deleted.
@@ -445,6 +459,13 @@ entry.
 - Whitelist next project names: help, ci, admin, search. !8227
 - Adds back CSS for progress-bars. !8237

+## 8.14.9 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
 ## 8.14.8 (2017-01-25)

 - Accept environment variables from the `pre-receive` script. !7967