gitlab.com/gitlab-org/gitlab-foss.git
author GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-05-27 15:30:08 +0300
committer GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-05-27 15:30:08 +0300
commit a06a67ffa985737b1ed317469765989d263b971a (patch)
tree 40d00a3c123fa9e09da316b1c1b656c4a2ce5b41
parent b4f4e4eec3d7d4de9603397690f271a57356f717 (diff)
Update CHANGELOG.md for 12.9.8
[ci skip]
-rw-r--r-- CHANGELOG.md 19
-rw-r--r-- changelogs/unreleased/security-132-remove-eks-details-from-admin-form.yml 5
-rw-r--r-- changelogs/unreleased/security-208449-fix-deploy-key-can-push.yml 5
-rw-r--r-- changelogs/unreleased/security-25994-unverified-email-mitigation.yml 5
-rw-r--r-- changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml 5
-rw-r--r-- changelogs/unreleased/security-dblessing-oauth-email-verification.yml 5
-rw-r--r-- changelogs/unreleased/security-do-not-expose-kubernetes-token.yml 5
-rw-r--r-- changelogs/unreleased/security-fix-email-confirmation-bug.yml 5
-rw-r--r-- changelogs/unreleased/security-fix-mermaid-issue.yml 5
-rw-r--r-- changelogs/unreleased/security-forked-from.yml 5
-rw-r--r-- changelogs/unreleased/security-gb-fix-workhorse-zip-metadata-resources.yml 5
-rw-r--r-- changelogs/unreleased/security-group-import-file-enuming.yml 5
-rw-r--r-- changelogs/unreleased/security-jivanvl-prevent-xss-duplicate-dashboard-modal.yml 5
-rw-r--r-- changelogs/unreleased/security-use-gsub-variable-substitution.yml 5
14 files changed, 19 insertions, 65 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 546e66fe451..0adc7ae8cb3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,25 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 12.9.8 (2020-05-27)
+
+### Security (13 changes)
+
+- Hide EKS secret key in admin integrations settings.
+- Added data integrity check before updating a deploy key.
+- Display only verified emails on notifications and profile page.
+- Disable caching on repo/blobs/[sha]/raw endpoint.
+- Require confirmed email address for GitLab OAuth authentication.
+- Kubernetes cluster details page no longer exposes Service Token.
+- Fix confirming unverified emails with soft email confirmation flow enabled.
+- Disallow user to control PUT request using mermaid markdown in issue description.
+- Check forked project permissions before allowing fork.
+- Limit memory footprint of a command that generates ZIP artifacts metadata.
+- Fix file enuming using Group Import.
+- Prevent XSS in the monitoring dashboard.
+- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API.
+
+
## 12.9.7 (2020-05-13)
### Added (1 change)
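Review bot: The added bullet "Disallow user to control PUT request using mermaid markdown in issue description." is hard to parse; wording such as "Prevent users from controlling PUT requests via mermaid markdown in issue descriptions" would read more clearly to an operator scanning the 12.9.8 security list. The header count of 13 does match the 13 bullets and the 13 removed changelogs/unreleased files, so nothing was lost in the roll-up.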
diff --git a/changelogs/unreleased/security-132-remove-eks-details-from-admin-form.yml b/changelogs/unreleased/security-132-remove-eks-details-from-admin-form.yml
deleted file mode 100644
index ce1c48a6345..00000000000
--- a/changelogs/unreleased/security-132-remove-eks-details-from-admin-form.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Hide EKS secret key in admin integrations settings
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-208449-fix-deploy-key-can-push.yml b/changelogs/unreleased/security-208449-fix-deploy-key-can-push.yml
deleted file mode 100644
index cf738bd8479..00000000000
--- a/changelogs/unreleased/security-208449-fix-deploy-key-can-push.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Added data integrity check before updating a deploy key.
-merge_request:
-author:
-type: security
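Review bot: The removed title "Added data integrity check before updating a deploy key." is the only one of the thirteen unreleased entries in this commit that is written in the past tense and ends with a period in the YAML; the others carry no trailing period. For future entries, "Add data integrity check before updating a deploy key" would keep the source files uniform and avoid relying on the changelog generator to normalize punctuation.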
diff --git a/changelogs/unreleased/security-25994-unverified-email-mitigation.yml b/changelogs/unreleased/security-25994-unverified-email-mitigation.yml
deleted file mode 100644
index ee5672c6dff..00000000000
--- a/changelogs/unreleased/security-25994-unverified-email-mitigation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display only verified emails on notifications and profile page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml b/changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml
deleted file mode 100644
index 1869e6ea039..00000000000
--- a/changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disable caching on repo/blobs/[sha]/raw endpoint
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-dblessing-oauth-email-verification.yml b/changelogs/unreleased/security-dblessing-oauth-email-verification.yml
deleted file mode 100644
index 1f9a06d10d5..00000000000
--- a/changelogs/unreleased/security-dblessing-oauth-email-verification.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Require confirmed email address for GitLab OAuth authentication
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-do-not-expose-kubernetes-token.yml b/changelogs/unreleased/security-do-not-expose-kubernetes-token.yml
deleted file mode 100644
index 9297a4d927e..00000000000
--- a/changelogs/unreleased/security-do-not-expose-kubernetes-token.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Kubernetes cluster details page no longer exposes Service Token
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-email-confirmation-bug.yml b/changelogs/unreleased/security-fix-email-confirmation-bug.yml
deleted file mode 100644
index ce66a255616..00000000000
--- a/changelogs/unreleased/security-fix-email-confirmation-bug.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix confirming unverified emails with soft email confirmation flow enabled
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-mermaid-issue.yml b/changelogs/unreleased/security-fix-mermaid-issue.yml
deleted file mode 100644
index 4c254f8a4f5..00000000000
--- a/changelogs/unreleased/security-fix-mermaid-issue.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disallow user to control PUT request using mermaid markdown in issue description
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-forked-from.yml b/changelogs/unreleased/security-forked-from.yml
deleted file mode 100644
index 77550193533..00000000000
--- a/changelogs/unreleased/security-forked-from.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check forked project permissions before allowing fork
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-gb-fix-workhorse-zip-metadata-resources.yml b/changelogs/unreleased/security-gb-fix-workhorse-zip-metadata-resources.yml
deleted file mode 100644
index 1649bda4df3..00000000000
--- a/changelogs/unreleased/security-gb-fix-workhorse-zip-metadata-resources.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Limit memory footprint of a command that generates ZIP artifacts metadata
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-group-import-file-enuming.yml b/changelogs/unreleased/security-group-import-file-enuming.yml
deleted file mode 100644
index efdff7e84e9..00000000000
--- a/changelogs/unreleased/security-group-import-file-enuming.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix file enuming using Group Import
-merge_request:
-author:
-type: security
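Review bot: "enuming" in the removed title "Fix file enuming using Group Import" is not a standard term, and it is carried unchanged into the CHANGELOG.md bullet. If file enumeration is what is meant, "Fix file enumeration via Group Import" would tell readers what class of issue this entry covers.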
diff --git a/changelogs/unreleased/security-jivanvl-prevent-xss-duplicate-dashboard-modal.yml b/changelogs/unreleased/security-jivanvl-prevent-xss-duplicate-dashboard-modal.yml
deleted file mode 100644
index d4d7b1dbff6..00000000000
--- a/changelogs/unreleased/security-jivanvl-prevent-xss-duplicate-dashboard-modal.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent XSS in the monitoring dashboard
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-use-gsub-variable-substitution.yml b/changelogs/unreleased/security-use-gsub-variable-substitution.yml
deleted file mode 100644
index 83fb61ae47a..00000000000
--- a/changelogs/unreleased/security-use-gsub-variable-substitution.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API
-merge_request:
-author:
-type: security