Commit 0f811675 authored by Michael Kozono's avatar Michael Kozono

Manually add 10.2.4 changelog entries

parent f4fbe61a
Pipeline #14901592 failed with stages
in 2 minutes and 3 seconds
......@@ -2,6 +2,17 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 10.2.4 (2017-12-08)
### Security (4 changes)
- Fix e-mail address disclosure through member search fields
- Prevent creating issues through API when user does not have permissions
- Prevent an information disclosure in the Groups API
- Fix user without access to private Wiki being able to see it on the project page
- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment
## 10.2.3 (2017-11-30)
### Fixed (7 changes)
......
---
title: Don't match partial email adresses
merge_request: 2227
author:
type: security
---
title: Prevent creating issues through API when user does not have permissions
merge_request:
author:
type: security
---
title: Prevent an information disclosure in the Groups API
merge_request:
author:
type: security
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment