Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
9afc6928
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
9afc6928
编写于
7月 25, 2019
作者:
G
GitLab Release Tools Bot
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update CHANGELOG.md for 11.11.6
[ci skip]
上级
5bdb9976
变更
10
隐藏空白更改
内联
并排
Showing
10 changed file
with
15 addition
and
45 deletion
+15
-45
CHANGELOG.md
CHANGELOG.md
+15
-0
changelogs/unreleased/security-2873-blocked-user-slash-command-bypass-master.yml
...ecurity-2873-blocked-user-slash-command-bypass-master.yml
+0
-5
changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml
...d/security-60143-patch-additional-xss-vector-in-wikis.yml
+0
-5
changelogs/unreleased/security-bvl-filter-mr-params.yml
changelogs/unreleased/security-bvl-filter-mr-params.yml
+0
-5
changelogs/unreleased/security-dns-ssrf-bypass.yml
changelogs/unreleased/security-dns-ssrf-bypass.yml
+0
-5
changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml
...ased/security-fix-badges-leaked-to-unauthorized-users.yml
+0
-5
changelogs/unreleased/security-github-ssrf-redirect.yml
changelogs/unreleased/security-github-ssrf-redirect.yml
+0
-5
changelogs/unreleased/security-hide_moved_issue_id.yml
changelogs/unreleased/security-hide_moved_issue_id.yml
+0
-5
changelogs/unreleased/security-mr-pipeline-permissions.yml
changelogs/unreleased/security-mr-pipeline-permissions.yml
+0
-5
changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml
...leased/security-remove-take-trigger-ownership-feature.yml
+0
-5
未找到文件。
CHANGELOG.md
浏览文件 @
9afc6928
...
...
@@ -2,6 +2,21 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 11.11.6
### Security (9 changes)
-
Restrict slash commands to users who can log in.
-
Patch XSS issue in wiki links.
-
Filter merge request params on the new merge request page.
-
Fix Server Side Request Forgery mitigation bypass.
-
Show badges if pipelines are public otherwise default to project permissions.
-
Do not allow localhost url redirection in GitHub Integration.
-
Do not show moved issue id for users that cannot read issue.
-
Use source project as permissions reference for MergeRequestsController#pipelines.
-
Drop feature to take ownership of trigger token.
## 11.11.5 (2019-06-27)
-
No changes.
...
...
changelogs/unreleased/security-2873-blocked-user-slash-command-bypass-master.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Restrict slash commands to users who can log in
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Patch XSS issue in wiki links
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-bvl-filter-mr-params.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Filter merge request params on the new merge request page
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-dns-ssrf-bypass.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Fix Server Side Request Forgery mitigation bypass
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Show badges if pipelines are public otherwise default to project permissions.
erge_request
:
author
:
type
:
security
changelogs/unreleased/security-github-ssrf-redirect.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Do not allow localhost url redirection in GitHub Integration
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-hide_moved_issue_id.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Do not show moved issue id for users that cannot read issue
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-mr-pipeline-permissions.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Use source project as permissions reference for MergeRequestsController#pipelines
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml
已删除
100644 → 0
浏览文件 @
5bdb9976
---
title
:
Drop feature to take ownership of trigger token.
merge_request
:
author
:
type
:
security
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录