author Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-18 19:11:47 +0000
committer Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2013-11-18 19:11:47 +0000
commit fa6173168a953aaad1d6359f60eab62d6f2f2e74 (patch)
tree 8d8019759fc245118c7940f72ae9f204d33129af
parent 6d1b3763c264c94d44d1cf3ae00ec1b62d894bdd (diff)
parent ca6f6f7265ba62cfeb7b4745927f62b50f47e36d (diff)
download gitlab-shell-fa6173168a953aaad1d6359f60eab62d6f2f2e74.tar.gz
Merge branch 'cve_in_changelog' of /home/git/repositories/gitlab/gitlab-shell
-rw-r--r-- CHANGELOG 9
1 files changed, 5 insertions, 4 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 466950d..e25f086 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,8 +1,9 @@
v1.7.8
- - Escape repository path to prevent relative links
+ - Escape repository path to prevent relative links (CVE-2013-4583)
v1.7.7
- - Separate options from arguments with --
+ - Separate options from arguments with -- (CVE-2013-4582)
+ - Bypass shell and use stdlib JSON for GitlabUpdate (CVE-2013-4581)
v1.7.6
- Fix gitlab-projects update-head for improted repo when branch exists but not listed in refs/head
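Review bot: The added line "- Bypass shell and use stdlib JSON for GitlabUpdate (CVE-2013-4581)" under v1.7.7 is a new changelog entry, not a CVE id appended to an existing one, so it retroactively changes what the v1.7.7 notes say shipped. Worth confirming that change is actually in the v1.7.7 tag and mentioning it in the commit message, which currently only names the branch. While this hunk is open, the context line under v1.7.6 has a typo, "improted" for "imported".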
@@ -11,10 +12,10 @@ v1.7.5
- Remove keys from authorized_keys using ruby instead of shell
v1.7.4
- - More protection against shell injection
+ - More protection against shell injection (CVE-2013-4546)
v1.7.3
- - Use Kernel#open to append lines to authorized_keys
+ - Use Kernel#open to append lines to authorized_keys (CVE-2013-4490)
v1.7.2
- More safe command execution
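Review bot: The v1.7.4 entry now carries CVE-2013-4546 but still reads only "More protection against shell injection", which does not tell a reader which command or input was affected; consider naming the component so the entry can be matched to the id without opening the CVE record. The neighbouring entries in this hunk, "Remove keys from authorized_keys using ruby instead of shell" (v1.7.5) and "More safe command execution" (v1.7.2), describe the same class of fix and get no id; if they are hardening only, or are covered by one of the ids added here, a short note on those lines would make that clear.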