[packages/gitlab-ce] 8.17.5 (2017-04-05); SECURITY
glen
glen at pld-linux.org
Thu Apr 6 21:58:18 CEST 2017
commit 9c6ed890dd721d1c623f422d7a6e7fb6746a9967
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Thu Apr 6 22:57:11 2017 +0300
8.17.5 (2017-04-05); SECURITY
- Don't show source project name when user does not have access.
- Remove the class attribute from the whitelist for HTML generated from Markdown.
- Fix path disclosure in project import/export.
- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
- Fix for open redirect vulnerabilities in todos, issues, and MR controllers.
gitlab-ce.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/gitlab-ce.spec b/gitlab-ce.spec
index 8c602b7..c3615a8 100644
--- a/gitlab-ce.spec
+++ b/gitlab-ce.spec
@@ -18,7 +18,7 @@
%define workhorse_version 1.3.0
Summary: A Web interface to create projects and repositories, manage access and do code reviews
Name: gitlab-ce
-Version: 8.17.4
+Version: 8.17.5
Release: 0.82
License: MIT
Group: Applications/WWW
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/gitlab-ce.git/commitdiff/9c6ed890dd721d1c623f422d7a6e7fb6746a9967
More information about the pld-cvs-commit
mailing list