GitLab v9.3.11 Release Notes
Release Date: 2017-09-06 // over 6 years ago-
- ๐ [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
- ๐ [SECURITY] Prevent a persistent XSS in the commit author block.
- ๐ Improve support for external issue references. !12485
- ๐ Use uploads/system directory for personal snippets.
- โ Remove uploads/appearance symlink. A leftover from a previous migration.
- ๐ Fix XSS issue in go-get handling.
- โ Remove hidden symlinks from project import files.
- ๐ Fix an infinite loop when handling user-supplied regular expressions.
- ๐ Fixes race condition in project uploads.
- ๐ Fixes race condition in project uploads.
- Disallow Git URLs that include a username or hostname beginning with a non-alphanumeric character.
- ๐
Disallow arbitrary properties in
th
andtd
style
attributes. - Resolve CSRF token leakage via pathname manipulation on environments page.
- Disallow the
name
attribute on all user-provided markup. - Renders 404 if given project is not readable by the user on Todos dashboard.