diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-27 14:38:22 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-27 14:38:22 +0300 |
| commit | ec764103ee252c84563851ccc53fb99eef88c742 (patch) | |
| tree | 766a240a29d27635e7a2eeed30b19c250adfdd28 | |
| parent | 52b9f101a35b6eec91621d5470e6d5883bfcaf88 (diff) | |
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
| -rw-r--r-- | CHANGELOG-EE.md | 12 | ||||
| -rw-r--r-- | CHANGELOG.md | 9 | ||||
| -rw-r--r-- | VERSION | 2 | ||||
| -rw-r--r-- | locale/gitlab.pot | 3 |
4 files changed, 22 insertions, 4 deletions
diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md index 49e78e55645..4da28b73cdb 100644 --- a/CHANGELOG-EE.md +++ b/CHANGELOG-EE.md @@ -1,5 +1,17 @@ Please view this file on the master branch, on stable branches it's out of date. +## 12.5.1 + +### Security (6 changes) + +- Protect Jira integration endpoints from guest users. +- Fix private comment Elasticsearch leak on project search scope. +- Filter snippet search results by feature visibility. +- Hide AWS secret on Admin Integration page. +- Fail pull mirror when mirror user is blocked. +- Prevent IDOR when adding users to protected environments. + + ## 12.5.0 ### Security (5 changes) diff --git a/CHANGELOG.md b/CHANGELOG.md index 59fb71c3245..9cef812464a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,16 +4,19 @@ entry. ## 12.5.1 -### Security (8 changes) +### Security (11 changes) -- Check permissions before showing a forked project's source. +- Do not create todos for approvers without access. !1442 +- Hide commit counts from guest users in Cycle Analytics. - Encrypt application setting tokens. - Update Workhorse and Gitaly to fix a security issue. -- Hide commit counts from guest users in Cycle Analytics. +- Add maven file_name regex validation on incoming files. +- Check permissions before showing a forked project's source. - Limit potential for DNS rebind SSRF in chat notifications. - Ensure are cleaned by ImportExport::AttributeCleaner. - Remove notes regarding Related Branches from Issue activity feeds for guest users. - Escape namespace in label references to prevent XSS. +- Add authorization to using filter vulnerable in Dependency List. ## 12.5.0 @@ -1 +1 @@ -12.5.1 +12.5.1-ee diff --git a/locale/gitlab.pot b/locale/gitlab.pot index a7ba66cde96..dc40d58a58c 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -6394,6 +6394,9 @@ msgstr "" msgid "Enter merge request URLs" msgstr "" +msgid "Enter new AWS Secret Access Key" +msgstr "" + msgid "Enter the issue description" msgstr "" |