diff options
| author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-11-27 01:07:48 +0300 |
|---|---|---|
| committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-11-27 01:07:48 +0300 |
| commit | b475ac654d0a7d271470aff7ddb9125c05ef7806 (patch) | |
| tree | 6baf5ebd1592f9ef24aba2526d73a9110f39c0f4 | |
| parent | 8539ed88d6e8e5da73486422f1a8ff623830a4ef (diff) | |
Update CHANGELOG.md for 12.4.4
[ci skip]
10 files changed, 15 insertions, 46 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 5db49b71961..ddb0335690a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,21 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.4.4 + +### Security (9 changes) + +- Check permissions before showing a forked project's source. +- Encrypt application setting tokens. +- Update Workhorse and Gitaly to fix a security issue. +- Hide commit counts from guest users in Cycle Analytics. +- Limit potential for DNS rebind SSRF in chat notifications. +- Fix 500 error caused by invalid byte sequences in links. +- Ensure are cleaned by ImportExport::AttributeCleaner. +- Remove notes regarding Related Branches from Issue activity feeds for guest users. +- Escape namespace in label references to prevent XSS. + + ## 12.4.3 ### Fixed (2 changes) diff --git a/changelogs/unreleased/security-28802-respect-fork-parent-visibility-ee.yml b/changelogs/unreleased/security-28802-respect-fork-parent-visibility-ee.yml deleted file mode 100644 index 8872b73a0cc..00000000000 --- a/changelogs/unreleased/security-28802-respect-fork-parent-visibility-ee.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Check permissions before showing a forked project's source -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2943-encrypt-plaintext-tokens.yml b/changelogs/unreleased/security-2943-encrypt-plaintext-tokens.yml deleted file mode 100644 index d040565da73..00000000000 --- a/changelogs/unreleased/security-2943-encrypt-plaintext-tokens.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Encrypt application setting tokens -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-29660-update-dependencies-12-4.yml b/changelogs/unreleased/security-29660-update-dependencies-12-4.yml deleted file mode 100644 index 283d951e69e..00000000000 --- a/changelogs/unreleased/security-29660-update-dependencies-12-4.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update Workhorse and Gitaly to fix a security issue -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml b/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml deleted file mode 100644 index c7a3b8923cd..00000000000 --- a/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Hide commit counts from guest users in Cycle Analytics. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-dns-rebind-ssrf-in-slack-notifications.yml b/changelogs/unreleased/security-dns-rebind-ssrf-in-slack-notifications.yml deleted file mode 100644 index 5f9713ef844..00000000000 --- a/changelogs/unreleased/security-dns-rebind-ssrf-in-slack-notifications.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Limit potential for DNS rebind SSRF in chat notifications -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml b/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml deleted file mode 100644 index c84cebdcca0..00000000000 --- a/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix 500 error caused by invalid byte sequences in links -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-exclude_ids_attribute_cleaning.yml b/changelogs/unreleased/security-exclude_ids_attribute_cleaning.yml deleted file mode 100644 index 08fc1393f20..00000000000 --- a/changelogs/unreleased/security-exclude_ids_attribute_cleaning.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Ensure are cleaned by ImportExport::AttributeCleaner -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml b/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml deleted file mode 100644 index 78d87ef37a5..00000000000 --- a/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Remove notes regarding Related Branches from Issue activity feeds for guest - users -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fix-xss-in-label-namespace.yml b/changelogs/unreleased/security-fix-xss-in-label-namespace.yml deleted file mode 100644 index 342cf3e68cb..00000000000 --- a/changelogs/unreleased/security-fix-xss-in-label-namespace.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Escape namespace in label references to prevent XSS -merge_request: -author: -type: security |