Commit a0274a50 authored by Jose Ivan Vargas's avatar Jose Ivan Vargas

Update CHANGELOG.md for 9.4.6

[ci skip]
parent 916e1642
...@@ -203,6 +203,18 @@ entry. ...@@ -203,6 +203,18 @@ entry.
- Use a specialized class for querying events to improve performance. - Use a specialized class for querying events to improve performance.
- Update build badges to be pipeline badges and display passing instead of success. - Update build badges to be pipeline badges and display passing instead of success.
## 9.4.6 (2017-09-06)
- [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
- [SECURITY] Prevent a persistent XSS in the commit author block.
- Fix XSS issue in go-get handling.
- Remove hidden symlinks from project import files.
- Fixes race condition in project uploads.
- Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character.
- Disallow arbitrary properties in `th` and `td` `style` attributes.
- Resolve CSRF token leakage via pathname manipulation on environments page.
- Disallow the `name` attribute on all user-provided markup.
## 9.4.5 (2017-08-14) ## 9.4.5 (2017-08-14)
- Fix deletion of deploy keys linked to other projects. !13162 - Fix deletion of deploy keys linked to other projects. !13162
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment