| ... | @@ -2,6 +2,21 @@ |
... | @@ -2,6 +2,21 @@ |
|
|
documentation](doc/development/changelog.md) for instructions on adding your own
|
|
documentation](doc/development/changelog.md) for instructions on adding your own
|
|
|
entry.
|
|
entry.
|
|
|
|
|
|
|
|
|
## 11.11.7
|
|
|
|
|
|
|
|
### Security (9 changes)
|
|
|
|
|
|
|
|
- Restrict slash commands to users who can log in.
|
|
|
|
- Patch XSS issue in wiki links.
|
|
|
|
- Filter merge request params on the new merge request page.
|
|
|
|
- Fix Server Side Request Forgery mitigation bypass.
|
|
|
|
- Show badges if pipelines are public otherwise default to project permissions.
|
|
|
|
- Do not allow localhost url redirection in GitHub Integration.
|
|
|
|
- Do not show moved issue id for users that cannot read issue.
|
|
|
|
- Use source project as permissions reference for MergeRequestsController#pipelines.
|
|
|
|
- Drop feature to take ownership of trigger token.
|
|
|
|
|
|
|
|
|
|
|
## 11.11.6
|
|
## 11.11.6
|
|
|
|
|
|
|
|
- Unreleased due to QA failure.
|
|
- Unreleased due to QA failure.
|
| ... | |
... | |
| ... | | ... | |