gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-09-27 01:36:04 +0300
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-09-27 01:36:04 +0300
commit: 1125a889a9552cbb80556f852ab604b88a7eb3c2
tree: 1b85b0c598129c0516b594cbc4976fa124673e8f
parent: e6e7d935701dfd2aacdb67f5cff7897115bd6bfe
Update CHANGELOG.md for 12.2.6
[ci skip]
-rw-r--r-- CHANGELOG.md 16
-rw-r--r-- changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml 6
-rw-r--r-- changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml 5
-rw-r--r-- changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml 6
-rw-r--r-- changelogs/unreleased/security-64938-dont-disclose-path.yml 6
-rw-r--r-- changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml 5
-rw-r--r-- changelogs/unreleased/security-cross-reference-fix.yml 5
-rw-r--r-- changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml 5
-rw-r--r-- changelogs/unreleased/security-gitaly-1-59-3.yml 5
-rw-r--r-- changelogs/unreleased/security-mermaid-block.yml 5
-rw-r--r-- changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml 5
11 files changed, 16 insertions, 53 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d788a6f44a..44a96276000 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 12.2.6
+
+### Security (10 changes)
+
+- Add a policy check for system notes that may not be visible due to cross references to private items.
+- Display only participants that user has permission to see on milestone page.
+- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
+- Prevent bypassing email verification using Salesforce.
+- Do not show resource label events referencing not accessible labels.
+- Cancel all running CI jobs triggered by the user who is just blocked.
+- Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.59.3].
+- Only render fixed number of mermaid blocks.
+- Prevent GitLab accounts takeover if SAML is configured.
+
+
## 12.2.5
### Security (1 change)
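Review bot: none of the ten entries added under "### Security (10 changes)" carries a merge request reference or author, so an administrator reading CHANGELOG.md cannot trace any of these fixes back to the change that made it. If the references are withheld on purpose for a security release, a link to the release announcement under the "## 12.2.6" heading would fill that gap. The hunk also adds two blank lines before "## 12.2.5" where one is enough.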
diff --git a/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml b/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml
deleted file mode 100644
index 03658c931a3..00000000000
--- a/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Add a policy check for system notes that may not be visible due to cross references
- to private items
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml b/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml
deleted file mode 100644
index 574f9f8283c..00000000000
--- a/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display only participants that user has permission to see on milestone page
-merge_request:
-author:
-type: security
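Review bot: the title "Display only participants that user has permission to see on milestone page" does not mention what the file name does, namely a confidential issue assignee being visible to guests, so the changelog line understates which data was exposed. Suggest wording the title around confidential issue assignees on the milestone page, and "that the user has permission to see" for grammar. `merge_request:` and `author:` are left empty here, as in the other deleted entries.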
diff --git a/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml b/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml
deleted file mode 100644
index 7625655cadd..00000000000
--- a/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Do not disclose project milestones on group milestones page when project milestones
- access is disabled in project settings
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-64938-dont-disclose-path.yml b/changelogs/unreleased/security-64938-dont-disclose-path.yml
deleted file mode 100644
index 0c858401233..00000000000
--- a/changelogs/unreleased/security-64938-dont-disclose-path.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Fix new project path being disclosed through unsubscribe link of issue/merge
- requests
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml b/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml
deleted file mode 100644
index 20b841b68f8..00000000000
--- a/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent bypassing email verification using Salesforce
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-cross-reference-fix.yml b/changelogs/unreleased/security-cross-reference-fix.yml
deleted file mode 100644
index 15d6509fd63..00000000000
--- a/changelogs/unreleased/security-cross-reference-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not show resource label events referencing not accessible labels.
-merge_request:
-author:
-type: security
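Review bot: the title line ends with a period, which the other nine changelog titles in this commit do not, and "not accessible labels" reads awkwardly. Suggest "Do not show resource label events referencing labels the user cannot access", without the trailing period, so the generated changelog stays consistent.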
diff --git a/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml b/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml
deleted file mode 100644
index 1bc4345d5b6..00000000000
--- a/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Cancel all running CI jobs triggered by the user who is just blocked
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-gitaly-1-59-3.yml b/changelogs/unreleased/security-gitaly-1-59-3.yml
deleted file mode 100644
index 6d7a525ece4..00000000000
--- a/changelogs/unreleased/security-gitaly-1-59-3.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Gitaly SearchBlobs flag RPC injection [Gitaly v1.59.3]
-merge_request:
-author:
-type: security
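Review bot: the word order in "Fix Gitaly SearchBlobs flag RPC injection" is ambiguous, since it can be read as an injection into a "flag RPC" rather than a flag injection through the SearchBlobs RPC. If the latter is meant, "Fix flag injection in Gitaly SearchBlobs RPC [Gitaly v1.59.3]" says it directly and keeps the version pointer.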
diff --git a/changelogs/unreleased/security-mermaid-block.yml b/changelogs/unreleased/security-mermaid-block.yml
deleted file mode 100644
index 993e8cfec08..00000000000
--- a/changelogs/unreleased/security-mermaid-block.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Only render fixed number of mermaid blocks
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml b/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
deleted file mode 100644
index 9022bc8a26f..00000000000
--- a/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent GitLab accounts takeover if SAML is configured
-merge_request:
-author:
-type: security
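Review bot: the title "Prevent GitLab accounts takeover if SAML is configured" states only the impact, while the file name indicates the change verifies the SAML request origin. Naming that check in the title would let administrators of SAML-enabled instances judge their exposure from the changelog alone. "accounts takeover" should also read "account takeover".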