| ... | @@ -2,6 +2,22 @@ |
... | @@ -2,6 +2,22 @@ |
|
|
documentation](doc/development/changelog.md) for instructions on adding your own
|
|
documentation](doc/development/changelog.md) for instructions on adding your own
|
|
|
entry.
|
|
entry.
|
|
|
|
|
|
|
|
|
## 11.11.5 (2019-06-27)
|
|
|
|
|
|
|
|
### Security (10 changes)
|
|
|
|
|
|
|
|
- Disable Rails SQL query cache when applying service templates. !30060
|
|
|
|
- Add missing authorizations in GraphQL.
|
|
|
|
- Fix DoS vulnerability in color validation regex.
|
|
|
|
- Expose merge requests count based on user access.
|
|
|
|
- Fix Denial of Service for comments when rendering issues/MR comments.
|
|
|
|
- Gate MR head_pipeline behind read_pipeline ability.
|
|
|
|
- Prevent Billion Laughs attack.
|
|
|
|
- Correctly check permissions when creating snippet notes.
|
|
|
|
- Prevent the detection of merge request templates by unauthorized users.
|
|
|
|
- Persist tmp snippet uploads at users.
|
|
|
|
|
|
|
|
|
|
|
## 11.11.4 (2019-06-26)
|
|
## 11.11.4 (2019-06-26)
|
|
|
|
|
|
|
|
### Fixed (3 changes)
|
|
### Fixed (3 changes)
|
| ... | |
... | |
| ... | | ... | |