@Unknwon Unknwon released this Dec 12, 2018 · 21 commits to master since this release

Assets 13

Bug fixes

  • LDAP group verification doesn't work when using 'dn' as user attribute #4684
  • LDAP group verification fails #4792
  • Emoji's do not work in wiki #4869
  • Log level not applied from configuration #5007
  • Not able to go get a repository with non-80 port #5305
  • Fix critical CSRF vulnerabilities on API routes #5355
  • Wrong redirect after updated protect branch setting whose name contains # #5442
  • Clear labels not working #5445
  • [Security] Remote command execution #5469
  • Push event webhook is not triggered when new branch fetched to mirror repository #5473
  • Large issue comment exceeds dashboard section #5502
  • List collaborator API does not contain permission information #5538
  • [Security] Log out only deletes browser cookies #5540
  • [Security] Some routes need to be POST #5541
  • [Security] Stored XSS in external issue tracker URL format #5545

Improvements

  • Support prefilling the title and body of new issues using query parameters #5302
  • Support data URL of base64 encoded images in Markdown #5391
  • Allow non logged in users to call repository information API /repos/:username/:reponame #5475