Commit a4cb5a6f
Authored Mar 26, 2020 by GitLab Release Tools Bot
Update CHANGELOG.md for 12.9.1
[ci skip]
Parent: 1acb2ee3
Showing 18 changed files with 26 additions and 85 deletions (+26 -85)
CHANGELOG.md +26 -0
changelogs/unreleased/212178-fix-authorized-keys-worker.yml +0 -5
changelogs/unreleased/security-120026-redact-notes-in-moved-confidential-issues.yml +0 -5
changelogs/unreleased/security-193100-ignore-duplicate-multipart-params.yml +0 -5
changelogs/unreleased/security-59-prevent-create-api-snippet.yml +0 -5
changelogs/unreleased/security-backend-xss-admin-email.yml +0 -5
changelogs/unreleased/security-disable-mirroring-fix.yml +0 -5
changelogs/unreleased/security-docker-blocked-users.yml +0 -5
changelogs/unreleased/security-fogbugz-importer-deny-localhost-requests.yml +0 -5
changelogs/unreleased/security-mr-pipeline-status-permission-check.yml +0 -5
changelogs/unreleased/security-path-traversal-master.yml +0 -5
changelogs/unreleased/security-repository-archive-hotlinking.yml +0 -5
changelogs/unreleased/security-restrict-project-pipeline-metrics.yml +0 -5
changelogs/unreleased/security-rf-vulnerability-metadata-fix.yml +0 -5
changelogs/unreleased/security-ssrf-attachment-url.yml +0 -5
changelogs/unreleased/security-update-nokogiri-cve-2020-7595.yml +0 -5
changelogs/unreleased/security-updating-description-of-trigger-by-other-maintainer.yml +0 -5
changelogs/unreleased/security-xss-vulnerability-in-admin-send-email-notification.yml +0 -5
CHANGELOG.md
View file @ a4cb5a6f
...
@@ -2,6 +2,32 @@
...
@@ -2,6 +2,32 @@
documentation](doc/development/changelog.md) for instructions on adding your own
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
entry.
## 12.9.1 (2020-03-26)
### Security (16 changes)
- Add permission check for pipeline status of MR.
- Ignore empty remote_id params from Workhorse accelerated uploads.
- External user can not create personal snippet through API.
- Prevent malicious entry for group name.
- Restrict mirroring changes to admins only when mirroring is disabled.
- Reject all container registry requests from blocked users.
- Deny localhost requests on fogbugz importer.
- Redact notes in moved confidential issues.
- Fix UploadRewriter Path Traversal vulnerability.
- Block hotlinking to repository archives.
- Restrict access to project pipeline metrics reports.
- vulnerability_feedback records should be restricted to a dev role and above.
- Exclude Carrierwave remote URL methods from import.
- Update Nokogiri to fix CVE-2020-7595.
- Prevent updating trigger by other maintainers.
- Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown.
### Fixed (1 change)
- Fix updating the authorized_keys file. !27798
## 12.9.0 (2020-03-22)
## 12.9.0 (2020-03-22)
### Security (1 change)
### Security (1 change)
...
...
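Review bot: In the 12.9.1 Security list, "vulnerability_feedback records should be restricted to a dev role and above." states a requirement rather than the change made and is the only entry that starts lowercase; rewording it in the imperative like its neighbours (for example "Restrict vulnerability_feedback records to a dev role and above.") would keep the list consistent, and "External user can not create personal snippet through API." has the same problem. None of the 16 security entries carries a merge request reference, while the Fixed entry cites !27798, so a reader of this file cannot trace a security fix to its change from the changelog alone; if that is intentional for security releases, a one-line remark under the heading would say so.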
changelogs/unreleased/212178-fix-authorized-keys-worker.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Fix updating the authorized_keys file
merge_request
:
27798
author
:
type
:
fixed
changelogs/unreleased/security-120026-redact-notes-in-moved-confidential-issues.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Redact notes in moved confidential issues
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-193100-ignore-duplicate-multipart-params.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Ignore empty remote_id params from Workhorse accelerated uploads
merge_request
:
author
:
type
:
security
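Review bot: The title says "empty remote_id params", but the file is named security-193100-ignore-duplicate-multipart-params.yml, so the slug and the published entry describe different conditions (duplicate versus empty). Since the title is what lands in CHANGELOG.md, confirm it states the condition the fix actually handles.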
changelogs/unreleased/security-59-prevent-create-api-snippet.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
External user can not create personal snippet through API
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-backend-xss-admin-email.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Prevent malicious entry for group name
merge_request
:
author
:
type
:
security
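Review bot: "Prevent malicious entry for group name" does not say what kind of malicious entry is meant or where it matters, while the file name (security-backend-xss-admin-email.yml) points at XSS on the admin email page. The changelog also lists "Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown" as a separate entry, so naming the issue class in this title would let operators see how the two relate.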
changelogs/unreleased/security-disable-mirroring-fix.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Restrict mirroring changes to admins only when mirroring is disabled
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-docker-blocked-users.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Reject all container registry requests from blocked users
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fogbugz-importer-deny-localhost-requests.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Deny localhost requests on fogbugz importer
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-mr-pipeline-status-permission-check.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Add permission check for pipeline status of MR
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-path-traversal-master.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Fix UploadRewriter Path Traversal vulnerability
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-repository-archive-hotlinking.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Block hotlinking to repository archives
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-restrict-project-pipeline-metrics.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Restrict access to project pipeline metrics reports
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-rf-vulnerability-metadata-fix.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
vulnerability_feedback records should be restricted to a dev role and above
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-ssrf-attachment-url.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Exclude Carrierwave remote URL methods from import
merge_request
:
author
:
type
:
security
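Review bot: The title "Exclude Carrierwave remote URL methods from import" describes the mechanism but not the risk; the file name security-ssrf-attachment-url.yml indicates SSRF through attachment URLs. Stating that in the title would let operators triaging 12.9.1 judge urgency from CHANGELOG.md alone, since this commit deletes the file whose name carries that hint.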
changelogs/unreleased/security-update-nokogiri-cve-2020-7595.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Update Nokogiri to fix CVE-2020-7595
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-updating-description-of-trigger-by-other-maintainer.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Prevent updating trigger by other maintainers
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-xss-vulnerability-in-admin-send-email-notification.yml
Deleted
100644 → 0
View file @ 1acb2ee3
---
title
:
Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown
merge_request
:
author
:
type
:
security