Commit 485f6946
Authored Mar 04, 2020 by GitLab Release Tools Bot
Update CHANGELOG.md for 12.7.7
[ci skip]
Parent: 16d42c68

Showing 18 changed files with 23 additions and 86 deletions
CHANGELOG.md +23 -0
changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml +0 -5
changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml +0 -5
changelogs/unreleased/36805-confidential-issue.yml +0 -5
changelogs/unreleased/enfoce-group-member-2fa.yml +0 -5
changelogs/unreleased/security-49-xss-branch-names.yml +0 -5
changelogs/unreleased/security-709-secret-traversal.yml +0 -5
changelogs/unreleased/security-badge-camo.yml +0 -5
changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml +0 -5
changelogs/unreleased/security-deploy-token-registry-access.yml +0 -6
changelogs/unreleased/security-deprecate-lfs-link-service.yml +0 -5
changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml +0 -5
changelogs/unreleased/security-expire-confirmation-token.yml +0 -5
changelogs/unreleased/security-grafana-stored-xss.yml +0 -5
changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml +0 -5
changelogs/unreleased/security-pb-fix-xss-dependency-link.yml +0 -5
changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml +0 -5
changelogs/unreleased/security-safe-sentry-error-culprit.yml +0 -5
CHANGELOG.md
@@ -2,6 +2,29 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 12.7.7
### Security (17 changes)
- Update ProjectAuthorization when deleting or updating GroupGroupLink.
- Respect member access level for group shares.
- Prevent an endless checking loop for two merge requests targeting each other.
- Update user 2fa when accepting a group invite.
- Fix for XSS in branch names.
- Prevent directory traversal through FileUploader.
- Run project badge images through the asset proxy.
- Check merge requests read permissions before showing them in the pipeline widget.
- Update container registry authentication to account for login request when checking permissions.
- Remove OID filtering during LFS imports.
- Protect against denial of service using pipeline webhook recursion.
- Expire account confirmation token.
- Prevent XSS in admin grafana URL setting.
- Don't require base_sha in DiffRefsType.
- Sanitize output by dependency linkers.
- Recalculate ProjectAuthorizations for all users.
- Escape special chars in Sentry error header.
## 12.7.6
### Security (1 change)
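Review bot: The 17 bullets added under "### Security (17 changes)" carry no merge request or issue reference, so an operator reading the 12.7.7 section cannot trace any fix back to its change. Add the references once the fixes can be linked. Two titles also describe the code change rather than the exposure being closed ("Remove OID filtering during LFS imports", "Don't require base_sha in DiffRefsType"); a few words on the effect would help anyone deciding how urgently to upgrade.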
changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml
Deleted
100644 → 0
---
title
:
Update ProjectAuthorization when deleting or updating GroupGroupLink
merge_request
:
author
:
type
:
security
changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml
Deleted
100644 → 0
---
title
:
Respect member access level for group shares
merge_request
:
author
:
type
:
security
changelogs/unreleased/36805-confidential-issue.yml
Deleted
100644 → 0
---
title
:
Prevent an endless checking loop for two merge requests targeting each other
merge_request
:
author
:
type
:
security
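Review bot: The file name 36805-confidential-issue.yml does not match its title, which is about an endless checking loop between two merge requests targeting each other. Confirm the title is the one intended for this entry, since it is copied verbatim into the 12.7.7 section and the empty merge_request field leaves nothing else to cross-check it against.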
changelogs/unreleased/enfoce-group-member-2fa.yml
Deleted
100644 → 0
---
title
:
Update user 2fa when accepting a group invite
merge_request
:
author
:
type
:
security
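Review bot: The title "Update user 2fa when accepting a group invite" does not say what about the user's two-factor state is updated, and the title is the only text that reaches CHANGELOG.md. Spell out the behaviour and write "2FA"; the file name also misspells "enforce" as "enfoce" and lacks the security- prefix most of the other entries in this commit use.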
changelogs/unreleased/security-49-xss-branch-names.yml
Deleted
100644 → 0
---
title
:
Fix for XSS in branch names
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-709-secret-traversal.yml
Deleted
100644 → 0
---
title
:
Prevent directory traversal through FileUploader
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-badge-camo.yml
Deleted
100644 → 0
---
title
:
Run project badge images through the asset proxy
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml
Deleted
100644 → 0
---
title
:
Check merge requests read permissions before showing them in the pipeline widget
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-deploy-token-registry-access.yml
Deleted
100644 → 0
---
title
:
Update container registry authentication to account for login request when
checking permissions
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-deprecate-lfs-link-service.yml
Deleted
100644 → 0
---
title
:
Remove OID filtering during LFS imports
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml
Deleted
100644 → 0
---
title
:
Protect against denial of service using pipeline webhook recursion
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-expire-confirmation-token.yml
Deleted
100644 → 0
---
title
:
Expire account confirmation token
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-grafana-stored-xss.yml
Deleted
100644 → 0
---
title
:
Prevent XSS in admin grafana URL setting
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml
Deleted
100644 → 0
---
title
:
Don't require base_sha in DiffRefsType
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-pb-fix-xss-dependency-link.yml
Deleted
100644 → 0
---
title
:
Sanitize output by dependency linkers
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml
Deleted
100644 → 0
---
title
:
Recalculate ProjectAuthorizations for all users
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-safe-sentry-error-culprit.yml
Deleted
100644 → 0
---
title
:
Escape special chars in Sentry error header
merge_request
:
author
:
type
:
security