diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-05-27 15:30:11 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-05-27 15:30:11 +0300 |
commit | 573f170dd946981eed564d7fdd77ca6d444a63c7 (patch) | |
tree | 374f9420ca486f2cbe09a69b7ed6b7e7b1b58056 | |
parent | 68a70d8f97255f20d19b201c013a9d4c73abc47b (diff) |
Update CHANGELOG.md for 12.9.8
[ci skip]
-rw-r--r-- | CHANGELOG.md | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 85610ae1bc8..df60047671b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1109,6 +1109,25 @@ entry. - Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar) +## 12.9.8 (2020-05-27) + +### Security (13 changes) + +- Hide EKS secret key in admin integrations settings. +- Added data integrity check before updating a deploy key. +- Display only verified emails on notifications and profile page. +- Disable caching on repo/blobs/[sha]/raw endpoint. +- Require confirmed email address for GitLab OAuth authentication. +- Kubernetes cluster details page no longer exposes Service Token. +- Fix confirming unverified emails with soft email confirmation flow enabled. +- Disallow user to control PUT request using mermaid markdown in issue description. +- Check forked project permissions before allowing fork. +- Limit memory footprint of a command that generates ZIP artifacts metadata. +- Fix file enuming using Group Import. +- Prevent XSS in the monitoring dashboard. +- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API. + + ## 12.9.6 (2020-05-05) ### Fixed (1 change) |