Commit a5606e14 authored by Robert Speicher's avatar Robert Speicher

Update CHANGELOG for 8.4.10

[ci skip]
parent bbc92fff
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 8.4.10 v 8.4.10
- Fix a window.opener bug that could lead to XSS and open redirects - Prevent privilege escalation via "impersonate" feature
- Prevent privilege escalation via notes API
- Prevent privilege escalation via project webhook API
- Prevent XSS via Git branch and tag names - Prevent XSS via Git branch and tag names
- Prevent XSS via custom issue tracker URL - Prevent XSS via custom issue tracker URL
- Fix vulnerability that leaks private labels and milestones - Prevent XSS via `window.opener`
- Prevent privilege escalation via "impersonate" feature
- Prevent users from deleting Webhooks via API they do not own
- Prevent information disclosure via snippet API - Prevent information disclosure via snippet API
- Prevent information disclosure via project labels
- Prevent information disclosure via new merge request page - Prevent information disclosure via new merge request page
v 8.4.9 v 8.4.9
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment