Commit 916e1642 in gitlab-foss
Authored Sep 06, 2017 by Jose Ivan Vargas
Update CHANGELOG.md for 9.3.11
[ci skip]
Parent: d1b60cbc
Showing 2 changed files with 18 additions and 5 deletions

CHANGELOG.md +18 -0
changelogs/unreleased/fix-gem-security-updates.yml +0 -5
CHANGELOG.md
...
@@ -453,6 +453,24 @@ entry.
...
@@ -453,6 +453,24 @@ entry.
-
Log rescued exceptions to Sentry.
-
Log rescued exceptions to Sentry.
-
Remove remaining N+1 queries in merge requests API with emojis and labels.
-
Remove remaining N+1 queries in merge requests API with emojis and labels.
## 9.3.11 (2017-09-06)
-
[SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
-
[SECURITY] Prevent a persistent XSS in the commit author block.
-
Improve support for external issue references. !12485
-
Use uploads/system directory for personal snippets.
-
Remove uploads/appearance symlink. A leftover from a previous migration.
-
Fix XSS issue in go-get handling.
-
Remove hidden symlinks from project import files.
-
Fix an infinite loop when handling user-supplied regular expressions.
-
Fixes race condition in project uploads.
-
Fixes race condition in project uploads.
-
Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character.
-
Disallow arbitrary properties in
`th`
and
`td`
`style`
attributes.
-
Resolve CSRF token leakage via pathname manipulation on environments page.
-
Disallow the
`name`
attribute on all user-provided markup.
-
Renders 404 if given project is not readable by the user on Todos dashboard.
## 9.3.10 (2017-08-09)
## 9.3.10 (2017-08-09)
-
Remove hidden symlinks from project import files.
-
Remove hidden symlinks from project import files.
...
...
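Review bot: In the added 9.3.11 block only the first two entries carry the [SECURITY] prefix, yet "Fix XSS issue in go-get handling." and "Resolve CSRF token leakage via pathname manipulation on environments page." describe security fixes in their own wording and have neither the prefix nor a merge request reference. Tag these consistently so anyone scanning the changelog for security-relevant changes can find them. Separately, "Remove hidden symlinks from project import files." is added under 9.3.11 while the same entry already sits under 9.3.10 in the context lines just below, and "Fixes race condition in project uploads." is listed twice in the added block as rendered here. Confirm whether the repeats are intended backports or should be deduplicated.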
changelogs/unreleased/fix-gem-security-updates.yml
Deleted, 100644 → 0
---
title
:
Upgrade mail and nokogiri gems due to security issues
merge_request
:
13662
author
:
Markus Koller
type
:
security
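Review bot: This is the only changelogs/unreleased fragment the commit deletes (5 deletions, one file), while the CHANGELOG.md hunk adds many more 9.3.11 entries than this single "Upgrade mail and nokogiri gems" item. Check whether the other entries had their own unreleased fragments on this branch; any that remain would be picked up again when the next release's changelog is compiled. The deleted fragment's merge_request 13662 and author Markus Koller do match the compiled entry, so nothing is lost for this item.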