diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a97044779ce77e980cac828631b7090de26cfbf..ca52a3a7444852c706897ee77233a9907beb88d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,20 +2,6 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. -## 11.9.2 (2019-03-26) - -### Security (8 changes) - -- Disallow guest users from accessing Releases. -- Fix PDF.js vulnerability. -- Hide "related branches" when user does not have permission. -- Fix XSS in resolve conflicts form. -- Added rake task for removing EXIF data from existing uploads. -- Return cached languages if they've been detected before. -- Disallow updating namespace when updating a project. -- Use UntrustedRegexp for matching refs policy. - - ## 11.9.1 (2019-03-25) ### Fixed (7 changes) diff --git a/changelogs/unreleased/disallow-guests-to-access-releases.yml b/changelogs/unreleased/disallow-guests-to-access-releases.yml new file mode 100644 index 0000000000000000000000000000000000000000..f2d518108d2d4327ebcb76719068856b308f9628 --- /dev/null +++ b/changelogs/unreleased/disallow-guests-to-access-releases.yml @@ -0,0 +1,5 @@ +--- +title: Disallow guest users from accessing Releases +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml new file mode 100644 index 0000000000000000000000000000000000000000..e5d0cd4fee1b714bde5977a13e230ccf038013be --- /dev/null +++ b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml @@ -0,0 +1,5 @@ +--- +title: Fix PDF.js vulnerability +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-56224.yml b/changelogs/unreleased/security-56224.yml new file mode 100644 index 0000000000000000000000000000000000000000..a4e274e6ca557e63e2c7a5700b25fa14a7b531d5 --- /dev/null +++ b/changelogs/unreleased/security-56224.yml @@ -0,0 +1,5 @@ +--- +title: Hide "related branches" when user does not have permission +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml new file mode 100644 index 0000000000000000000000000000000000000000..f92d2c0dcb13badc0f2e06cb0f8418ca15a259bb --- /dev/null +++ b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml @@ -0,0 +1,5 @@ +--- +title: Fix XSS in resolve conflicts form +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-exif-migration.yml b/changelogs/unreleased/security-exif-migration.yml new file mode 100644 index 0000000000000000000000000000000000000000..cc529099df5771ff84b5a8c95d0da7aef4480a69 --- /dev/null +++ b/changelogs/unreleased/security-exif-migration.yml @@ -0,0 +1,5 @@ +--- +title: Added rake task for removing EXIF data from existing uploads. +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-id-potential-denial-languages.yml b/changelogs/unreleased/security-id-potential-denial-languages.yml new file mode 100644 index 0000000000000000000000000000000000000000..2194ecb97dc98a0021ce4d56defd243d324665e8 --- /dev/null +++ b/changelogs/unreleased/security-id-potential-denial-languages.yml @@ -0,0 +1,5 @@ +--- +title: Return cached languages if they've been detected before +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-mass-assignment-on-project-update.yml b/changelogs/unreleased/security-mass-assignment-on-project-update.yml new file mode 100644 index 0000000000000000000000000000000000000000..93561cd91b3a1ae4169e15620b1a7c0aa36a9296 --- /dev/null +++ b/changelogs/unreleased/security-mass-assignment-on-project-update.yml @@ -0,0 +1,5 @@ +--- +title: Disallow updating namespace when updating a project +merge_request: +author: +type: security diff --git a/changelogs/unreleased/use-untrusted-regexp.yml b/changelogs/unreleased/use-untrusted-regexp.yml new file mode 100644 index 0000000000000000000000000000000000000000..dd7f1bcaca151bc06318c054de3e4525c41255dc --- /dev/null +++ b/changelogs/unreleased/use-untrusted-regexp.yml @@ -0,0 +1,5 @@ +--- +title: Use UntrustedRegexp for matching refs policy +merge_request: +author: +type: security