Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
4c887a19
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
4c887a19
编写于
2月 28, 2019
作者:
G
GitLab Release Tools Bot
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update CHANGELOG.md for 11.6.10
[ci skip]
上级
d40a3809
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
27 addition
and
0 deletion
+27
-0
CHANGELOG.md
CHANGELOG.md
+27
-0
未找到文件。
CHANGELOG.md
浏览文件 @
4c887a19
...
...
@@ -486,6 +486,33 @@ entry.
-
Update url placeholder for the sentry configuration page. !24338
## 11.6.10 (2019-02-28)
### Security (21 changes)
-
Stop linking to unrecognized package sources. !55518
-
Check snippet attached file to be moved is within designated directory.
-
Fix potential Addressable::URI::InvalidURIError.
-
Do not display impersonated sessions under active sessions and remove ability to revoke session.
-
Display only information visible to current user on the Milestone page.
-
Show only merge requests visible to user on milestone detail page.
-
Disable issue boards API when issues are disabled.
-
Don't show new issue link after move when a user does not have permissions.
-
Fix git clone revealing private repo's presence.
-
Fix blind SSRF in Prometheus integration by checking URL before querying.
-
Check if desired milestone for an issue is available.
-
Don't allow non-members to see private related MRs.
-
Fix arbitrary file read via diffs during import.
-
Display the correct number of MRs a user has access to.
-
Forbid creating discussions for users with restricted access.
-
Do not disclose milestone titles for unauthorized users.
-
Validate session key when authorizing with GCP to create a cluster.
-
Block local URLs for Kubernetes integration.
-
Limit mermaid rendering to 5K characters.
-
Remove the possibility to share a project with a group that a user is not a member of.
-
Fix leaking private repository information in API.
## 11.6.8 (2019-01-30)
-
No changes.
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录