Commit bce8c3d7
Authored Jul 01, 2020
Author: GitLab Release Tools Bot
Update CHANGELOG.md for 13.1.2
[ci skip]
Parent: 3644e9b3
Changes: 19
Showing 19 changed files with 24 additions and 90 deletions
CHANGELOG.md +24 -0
changelogs/unreleased/128-update-xterm.yml +0 -5
changelogs/unreleased/private-profile-api.yml +0 -5
changelogs/unreleased/security-150-xss-reference-redactor.yml +0 -5
changelogs/unreleased/security-208685-fix-swagger-ui-xss.yml +0 -5
changelogs/unreleased/security-212469-fix-deploy-token-api.yml +0 -5
changelogs/unreleased/security-215175-filter-merge-participants.yml +0 -5
changelogs/unreleased/security-dblessing-cookie-serializer.yml +0 -5
changelogs/unreleased/security-dblessing-sanitize-group-names.yml +0 -5
changelogs/unreleased/security-disable-caching-for-wiki-attachments.yml +0 -5
changelogs/unreleased/security-disable-github-import-api-by-seetings.yml +0 -5
changelogs/unreleased/security-fix-malicious-comment-master.yml +0 -5
changelogs/unreleased/security-fix-time-tracking-permissions-api.yml +0 -5
changelogs/unreleased/security-fj-add-snippet-repository-validation-bundle-import.yml +0 -5
changelogs/unreleased/security-kaminari-update.yml +0 -5
changelogs/unreleased/security-user-name-html.yml +0 -5
changelogs/unreleased/security-xss-bitbucket-import.yml +0 -5
changelogs/unreleased/security-xss-error-tracking.yml +0 -5
changelogs/unreleased/security-xss-issuables-list.yml +0 -5
CHANGELOG.md
@@ -2,6 +2,30 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 13.1.2 (2020-07-01)
### Security (18 changes)
- Update xterm js dependency to latest stable 3.x version.
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Disable Github Importer API by settings.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Add snippet repository validation after bundle import.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.
## 13.1.1 (2020-06-23)
### Fixed (4 changes)
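Review bot: In the 13.1.2 Security list, "Stored XSS on the Error Tracking page." names the vulnerability instead of the change, so unlike the neighbouring entries ("Fix stored XSS in markdown renderer.", "Prevent XSS in group name validations.") it does not say the issue was fixed; reword the source entry to "Fix stored XSS on the Error Tracking page." Product names are also cased inconsistently in the same list: "Github Importer" and "bitbucket repo urls" should read "GitHub" and "Bitbucket".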
changelogs/unreleased/128-update-xterm.yml
Deleted
100644 → 0
---
title
:
Update xterm js dependency to latest stable 3.x version
merge_request
:
author
:
type
:
security
changelogs/unreleased/private-profile-api.yml
Deleted
100644 → 0
---
title
:
Do not show activity for users with private profiles
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-150-xss-reference-redactor.yml
Deleted
100644 → 0
---
title
:
Fix stored XSS in markdown renderer
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-208685-fix-swagger-ui-xss.yml
Deleted
100644 → 0
---
title
:
Upgrade swagger-ui to solve XSS issues
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-212469-fix-deploy-token-api.yml
Deleted
100644 → 0
---
title
:
Fix group deploy token API authorizations
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-215175-filter-merge-participants.yml
Deleted
100644 → 0
---
title
:
Check access when sending TODOs related to merge requests
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-dblessing-cookie-serializer.yml
Deleted
100644 → 0
---
title
:
Change from hybrid to JSON cookies serializer
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-dblessing-sanitize-group-names.yml
Deleted
100644 → 0
---
title
:
Prevent XSS in group name validations
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-disable-caching-for-wiki-attachments.yml
Deleted
100644 → 0
---
title
:
Disable caching for wiki attachments
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-disable-github-import-api-by-seetings.yml
Deleted
100644 → 0
---
title
:
Disable Github Importer API by settings
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-malicious-comment-master.yml
Deleted
100644 → 0
---
title
:
Fix
null
byte error in upload path
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-time-tracking-permissions-api.yml
Deleted
100644 → 0
---
title
:
Update permissions for time tracking endpoints
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fj-add-snippet-repository-validation-bundle-import.yml
Deleted
100644 → 0
---
title
:
Add snippet repository validation after bundle import
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-kaminari-update.yml
Deleted
100644 → 0
---
title
:
Update Kaminari gem
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-user-name-html.yml
Deleted
100644 → 0
---
title
:
Fix note author name rendering
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-xss-bitbucket-import.yml
Deleted
100644 → 0
---
title
:
Sanitize bitbucket repo urls to mitigate XSS
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-xss-error-tracking.yml
Deleted
100644 → 0
---
title
:
Stored XSS on the Error Tracking page
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-xss-issuables-list.yml
Deleted
100644 → 0
---
title
:
Fix security issue when rendering issuable
merge_request
:
author
:
type
:
security
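Review bot: The title "Fix security issue when rendering issuable" does not say what class of issue was fixed, while the file name security-xss-issuables-list.yml points at XSS in the issuables list. This title is what lands in CHANGELOG.md for 13.1.2, so naming the class as the sibling entries do (for example "Prevent XSS in group name validations") would let administrators see what the release addresses.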