Commit e3bcddf2 authored by Robert Speicher's avatar Robert Speicher

Update CHANGELOG for 8.3.9

[ci skip]
parent a0ebf759
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 8.3.9 v 8.3.9
- Fix a window.opener bug that could lead to XSS and open redirects
- Prevent XSS via custom issue tracker URL
- Fix vulnerability that leaks private labels and milestones
- Prevent privilege escalation via "impersonate" feature - Prevent privilege escalation via "impersonate" feature
- Prevent users from deleting Webhooks via API they do not own - Prevent privilege escalation via notes API
- Prevent information disclosure via snippet API - Prevent privilege escalation via project webhook API
- Prevent XSS via custom issue tracker URL
- Prevent XSS via `window.opener`
- Prevent information disclosure via project labels
- Prevent information disclosure via new merge request page - Prevent information disclosure via new merge request page
v 8.3.8 v 8.3.8
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment