diff options
| author | Joe Chen <jc@unknwon.io> | 2022-05-31 16:47:13 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-31 16:47:13 +0800 |
| commit | c0941f4631fd96fb81577cbd3d85ba5563f438dc (patch) | |
| tree | cc7ad307ce83638862599434e0ad4ffab7f2a2ae | |
| parent | 5414ae14a9ca3c9065f90e1d9051ffe339f97960 (diff) | |
CHANGELOG: cut entries for 0.12.8 (#6992)
[skip ci]
| -rw-r--r-- | CHANGELOG.md | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3aa82e75..ac522fc0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,14 +19,9 @@ All notable changes to Gogs are documented in this file. - MSSQL as database backend is deprecated, installation page no longer shows it as an option. Existing installations and manually craft configuration file continue to work. [#6295](https://github.com/gogs/gogs/pull/6295) - Use [Task](https://github.com/go-task/task) as the build tool. [#6297](https://github.com/gogs/gogs/pull/6297) - The required Go version to compile source code changed to 1.16. -- All users (including admins) need to use the configuration option `[security] LOCAL_NETWORK_ALLOWLIST` to allow repository migration and webhooks to be able to access local network addresses, which is a comma separated list of hostnames. [#6988](https://github.com/gogs/gogs/pull/6988) ### Fixed -- _Security:_ SSRF in webhook. [#6901](https://github.com/gogs/gogs/issues/6901) -- _Security:_ XSS in cookies. [#6953](https://github.com/gogs/gogs/issues/6953) -- _Security:_ OS Command Injection in file uploading. [#6968](https://github.com/gogs/gogs/issues/6968) -- _Security:_ Remote Command Execution in file editing. [#6555](https://github.com/gogs/gogs/issues/6555) - Unable to use LDAP authentication on ARM machines. [#6761](https://github.com/gogs/gogs/issues/6761) ### Removed @@ -49,6 +44,19 @@ All notable changes to Gogs are documented in this file. - Configuration option `[database] PASSWD` is no longer used, please use `[database] PASSWORD`. - Remove option to use Makefile as the build tool. [#6980](https://github.com/gogs/gogs/pull/6980) +## 0.12.8 + +### Changed + +- All users (including admins) need to use the configuration option `[security] LOCAL_NETWORK_ALLOWLIST` to allow repository migration and webhooks to be able to access local network addresses, which is a comma separated list of hostnames. [#6988](https://github.com/gogs/gogs/pull/6988) + +### Fixed + +- _Security:_ SSRF in webhook. [#6901](https://github.com/gogs/gogs/issues/6901) +- _Security:_ XSS in cookies. [#6953](https://github.com/gogs/gogs/issues/6953) +- _Security:_ OS Command Injection in file uploading. [#6968](https://github.com/gogs/gogs/issues/6968) +- _Security:_ Remote Command Execution in file editing. [#6555](https://github.com/gogs/gogs/issues/6555) + ## 0.12.7 ### Fixed |