Commit 3ba23e02
Authored Aug 28, 2019 by GitLab Release Tools Bot
Update CHANGELOG.md for 12.1.8
[ci skip]
Parent 8e6b9e26
Showing 22 changed files with 27 additions and 105 deletions
CHANGELOG.md +27 -0
changelogs/unreleased/ce-60465-prevent-comments-on-private-mrs.yml +0 -3
changelogs/unreleased/security-59549-add-capcha-for-failed-logins.yml +0 -5
changelogs/unreleased/security-61974-limit-issue-comment-size-2.yml +0 -5
changelogs/unreleased/security-61974-limit-issue-comment-size.yml +0 -5
changelogs/unreleased/security-64711-fix-commit-todos.yml +0 -5
changelogs/unreleased/security-ci-metrics-permissions.yml +0 -6
changelogs/unreleased/security-enable-image-proxy.yml +0 -5
changelogs/unreleased/security-epic-notes-api-reveals-historical-info-ce-master.yml +0 -5
changelogs/unreleased/security-exposed-default-branch.yml +0 -5
changelogs/unreleased/security-fix-html-injection-for-label-description-ce-master.yml +0 -5
changelogs/unreleased/security-fix-markdown-xss.yml +0 -5
changelogs/unreleased/security-fix_jira_ssrf_vulnerability.yml +0 -5
changelogs/unreleased/security-group-runners-permissions.yml +0 -5
changelogs/unreleased/security-hide_merge_request_ids_on_emails.yml +0 -5
changelogs/unreleased/security-id-filter-timeline-activities-for-guests.yml +0 -5
changelogs/unreleased/security-katex-dos-12-1.yml +0 -5
changelogs/unreleased/security-mr-head-pipeline-leak.yml +0 -5
changelogs/unreleased/security-personal-snippets.yml +0 -5
changelogs/unreleased/security-project-import-bypass.yml +0 -5
changelogs/unreleased/security-sarcila-fix-weak-session-management.yml +0 -6
changelogs/unreleased/security-ssrf-kubernetes-dns.yml +0 -5
CHANGELOG.md
View file @
3ba23e02
...
...
@@ -2,6 +2,33 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 12.1.8
### Security (21 changes)
-
Ensure only authorised users can create notes on Merge Requests and Issues.
-
Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
-
Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
-
Limit the size of issuable description and comments.
-
Send TODOs for comments on commits correctly.
-
Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
-
Added image proxy to mitigate potential stealing of IP addresses.
-
Filter out old system notes for epics in notes api endpoint response.
-
Avoid exposing unaccessible repo data upon GFM post processing.
-
Fix HTML injection for label description.
-
Make sure HTML text is always escaped when replacing label/milestone references.
-
Prevent DNS rebind on JIRA service integration.
-
Use admin_group authorization in Groups::RunnersController.
-
Prevent disclosure of merge request ID via email.
-
Show cross-referenced MR-id in issues' activities only to authorized users.
-
Enforce max chars and max render time in markdown math.
-
Check permissions before responding in MergeController#pipeline_status.
-
Remove EXIF from users/personal snippet uploads.
-
Fix project import restricted visibility bypass via API.
-
Fix weak session management by clearing password reset tokens after login (username/email) are updated.
-
Fix SSRF via DNS rebinding in Kubernetes Integration.
## 12.1.7
-
Unreleased due to QA failure.
...
...
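Review bot: The three entries in the 12.1.8 list that name a controller use three different forms (MergeRequests#test_reports, MergeController#pipeline_status, Groups::RunnersController), so a reader cannot tell whether pipeline_status and test_reports belong to the same controller. Use one form for all three and check the class name in the pipeline_status entry against the code. In the same list, "unaccessible" in the GFM post-processing entry should read "inaccessible", and none of the 21 entries carries a merge request reference, which leaves nothing to follow from the changelog to the fix.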
changelogs/unreleased/ce-60465-prevent-comments-on-private-mrs.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Ensure only authorised users can create notes on Merge Requests and Issues
type
:
security
changelogs/unreleased/security-59549-add-capcha-for-failed-logins.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
merge_request
:
author
:
type
:
security
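Review bot: The title names the new :login_recaptcha_protection_enabled setting but does not say whether it is enabled by default, so an administrator reading the 12.1.8 entry cannot tell if the brute-force protection is active after upgrading or has to be switched on. State the default in the title. The merge_request and author keys are also empty here, so the generated entry ships without a reference.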
changelogs/unreleased/security-61974-limit-issue-comment-size-2.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Speed up regexp in namespace format by failing fast after reaching maximum namespace depth
merge_request
:
author
:
type
:
security
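Review bot: The title line (a regexp speed-up in namespace format) does not match the file name, which says limit-issue-comment-size-2, while the sibling file security-61974-limit-issue-comment-size.yml carries the comment-size title. If both belong to the same issue, the title should say what the slow regexp allowed, because "Speed up regexp" reads as a performance change under a Security heading.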
changelogs/unreleased/security-61974-limit-issue-comment-size.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Limit the size of issuable description and comments
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-64711-fix-commit-todos.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Send TODOs for comments on commits correctly
merge_request
:
author
:
type
:
security
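Review bot: The title "Send TODOs for comments on commits correctly" is typed security but does not say what was wrong: who received a TODO they should not have, or what the TODO disclosed. Reword it to name the exposure, in the way the cross-reference entry does with "only to authorized users".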
changelogs/unreleased/security-ci-metrics-permissions.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Restrict MergeRequests#test_reports to authenticated users with read-access
on Builds
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-enable-image-proxy.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Added image proxy to mitigate potential stealing of IP addresses
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-epic-notes-api-reveals-historical-info-ce-master.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Filter out old system notes for epics in notes api endpoint response
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-exposed-default-branch.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Avoid exposing unaccessible repo data upon GFM post processing
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-html-injection-for-label-description-ce-master.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Fix HTML injection for label description
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-markdown-xss.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Make sure HTML text is always escaped when replacing label/milestone references.
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix_jira_ssrf_vulnerability.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Prevent DNS rebind on JIRA service integration
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-group-runners-permissions.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Use admin_group authorization in Groups::RunnersController
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-hide_merge_request_ids_on_emails.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Prevent disclosure of merge request ID via email
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-id-filter-timeline-activities-for-guests.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Show cross-referenced MR-id in issues' activities only to authorized users
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-katex-dos-12-1.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Enforce max chars and max render time in markdown math
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-mr-head-pipeline-leak.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Check permissions before responding in MergeController#pipeline_status
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-personal-snippets.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Remove EXIF from users/personal snippet uploads.
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-project-import-bypass.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Fix project import restricted visibility bypass via API
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-sarcila-fix-weak-session-management.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Fix weak session management by clearing password reset tokens after login (username/email)
are updated
merge_request
:
author
:
type
:
security
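Review bot: The two-line title reads "after login (username/email) are updated", which is ungrammatical and leaves it unclear which fields trigger the token reset. If the condition is a change of username or email, say so directly, for example "when the username or email is changed". The same wording is what lands in the 12.1.8 list in CHANGELOG.md.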
changelogs/unreleased/security-ssrf-kubernetes-dns.yml
deleted
100644 → 0
View file @
8e6b9e26
---
title
:
Fix SSRF via DNS rebinding in Kubernetes Integration
merge_request
:
author
:
type
:
security