Commit fe0797df
Authored Sep 02, 2020 by GitLab Release Tools Bot

Update CHANGELOG.md for 13.2.7

[ci skip]

Parent: e8059f5c
Changes: 24
Showing 24 changed files with 29 additions and 117 deletions (+29 -117)

CHANGELOG.md (+29 -0)
changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml (+0 -5)
changelogs/unreleased/security-199-show-actual-group.yml (+0 -6)
changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml (+0 -5)
changelogs/unreleased/security-212-regenerate-2fa-app-code.yml (+0 -5)
changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml (+0 -5)
changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml (+0 -5)
changelogs/unreleased/security-216-access-to-private-projects.yml (+0 -5)
changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml (+0 -5)
changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml (+0 -6)
changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml (+0 -5)
changelogs/unreleased/security-223-webhook-dos-attack.yml (+0 -5)
changelogs/unreleased/security-add-presence-validation-oauth-apps.yml (+0 -5)
changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml (+0 -5)
changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml (+0 -5)
changelogs/unreleased/security-fix-conan-workhorse-params.yml (+0 -5)
changelogs/unreleased/security-graphql-type-check.yml (+0 -5)
changelogs/unreleased/security-improper-access-control-on-deploy-key.yml (+0 -5)
changelogs/unreleased/security-pb-limit-profile-events.yml (+0 -5)
changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml (+0 -5)
changelogs/unreleased/security-projectmaintainer-edit-badges.yml (+0 -5)
changelogs/unreleased/security-upgrade-jquery-3-5.yml (+0 -5)
changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml (+0 -5)
changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-18-3.yml (+0 -5)
CHANGELOG.md
View file @ fe0797df
...
...
@@ -2,6 +2,35 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 13.2.7 (2020-09-02)
### Security (23 changes, 1 of them is from the community)
- Check validity of project's import_url before mirroring repository.
- Show on two-factor authentication setup page groups that are the cause of this requirement.
- Prevent interrupted 2FA sign-in from signing-in incorrect user.
- Create new 2FA code each time user is entering 2FA setup page.
- Remove all sessions but current while enabling 2FA.
- Invalidate two factor sign-in when user password changes.
- Delete members invites created by users being deleted.
- Prevent OmniAuth from rendering arbitrary error messages.
- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
- Invalidate remember me when an active session is revoked.
- Add rate limit on webhooks testing feature.
- Add scope presence validation to OAuth Application creation.
- Allow only running job tokens for API authentication.
- Prevent Deploy Tokens to read project resources when repository is disabled.
- Change conan api to use proper workhorse validation.
- Ensure global ID is of Snippet type in GraphQL destroy mutation.
- Fix Improper Access Control on Deploy-Key.
- Set maximum limit for profile events.
- Persist EKS External ID before presenting it to the user.
- Prevent project maintainers from editing group badges.
- Upgrade jquery to v3.5.
- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
- Update GitLab Runner Helm Chart to 0.18.3.
## 13.2.6 (2020-08-18)
- No changes.
...
...
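Review bot: Two of the added Security bullets do not tell an operator what changed. "Fix Improper Access Control on Deploy-Key." names a weakness class rather than the behaviour that was corrected, and "Prevent not-2fa authenticated users that are supposed to use it to consume api via session." is hard to parse; something like "Block session-authenticated API access for users who are required to use 2FA but have not completed it" reads more clearly. "Prevent Deploy Tokens to read project resources" should be "Prevent Deploy Tokens from reading project resources". None of the 23 bullets carries a merge request reference, so it is worth adding them where they can be published.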
changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Check validity of project's import_url before mirroring repository
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-199-show-actual-group.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Show on two-factor authentication setup page groups that are the cause of this
requirement
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Prevent interrupted 2FA sign-in from signing-in incorrect user
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-212-regenerate-2fa-app-code.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Create new 2FA code each time user is entering 2FA setup page
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Remove all sessions but current while enabling 2FA
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Invalidate two factor sign-in when user password changes
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-216-access-to-private-projects.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Delete members invites created by users being deleted
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Prevent OmniAuth from rendering arbitrary error messages
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Prevent not-2fa authenticated users that are supposed to use it to consume
api via session
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Invalidate remember me when an active session is revoked
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-223-webhook-dos-attack.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Add rate limit on webhooks testing feature
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-add-presence-validation-oauth-apps.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Add scope presence validation to OAuth Application creation
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Allow only running job tokens for API authentication
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Prevent Deploy Tokens to read project resources when repository is disabled
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-conan-workhorse-params.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Change conan api to use proper workhorse validation
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-graphql-type-check.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Ensure global ID is of Snippet type in GraphQL destroy mutation
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-improper-access-control-on-deploy-key.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Fix Improper Access Control on Deploy-Key
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-pb-limit-profile-events.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Set maximum limit for profile events
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Persist EKS External ID before presenting it to the user
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-projectmaintainer-edit-badges.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Prevent project maintainers from editing group badges
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-upgrade-jquery-3-5.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Upgrade jquery to v3.5
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Update websocket-extensions gem to 0.1.5
merge_request
:
author
:
Vitor Meireles De Sousa
type
:
security
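Review bot: author is set to Vitor Meireles De Sousa but merge_request is left empty, so the one community contribution credited in the 13.2.7 Security section cannot be traced back to its merge request. Fill in merge_request, or note why it is withheld. The title would also be more useful if it said what the 0.1.5 update addresses.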
changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-18-3.yml
Deleted, 100644 → 0
View file @ e8059f5c
---
title
:
Update GitLab Runner Helm Chart to 0.18.3
merge_request
:
author
:
type
:
security
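Review bot: "type: security" files this chart version bump under the Security heading for 13.2.7, but the title gives no hint of what security issue 0.18.3 addresses and merge_request is empty. Either state the reason in the title or use a non-security type, so that readers of the Security section can tell why the bump matters.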