diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-27 18:06:45 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-27 18:06:45 +0300 |
| commit | a98649b71085bcd21af674a47d6a746336c56a65 (patch) | |
| tree | 1e518ce4f61a8d7260ba9d6d3b8db8906251d6a0 /CHANGELOG.md | |
| parent | a4484fd22dd0d055a10fe084b82349e42f7363e1 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 33 |
1 files changed, 12 insertions, 21 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index bea21092b43..f22601325d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,16 +4,19 @@ entry. ## 12.5.1 -### Security (8 changes) +### Security (11 changes) -- Check permissions before showing a forked project's source. +- Do not create todos for approvers without access. !1442 +- Hide commit counts from guest users in Cycle Analytics. - Encrypt application setting tokens. - Update Workhorse and Gitaly to fix a security issue. -- Hide commit counts from guest users in Cycle Analytics. +- Add maven file_name regex validation on incoming files. +- Check permissions before showing a forked project's source. - Limit potential for DNS rebind SSRF in chat notifications. - Ensure are cleaned by ImportExport::AttributeCleaner. - Remove notes regarding Related Branches from Issue activity feeds for guest users. - Escape namespace in label references to prevent XSS. +- Add authorization to using filter vulnerable in Dependency List. ## 12.5.0 @@ -367,21 +370,6 @@ entry. - Change selects from default browser style to custom style. -## 12.4.4 - -### Security (9 changes) - -- Check permissions before showing a forked project's source. -- Encrypt application setting tokens. -- Update Workhorse and Gitaly to fix a security issue. -- Hide commit counts from guest users in Cycle Analytics. -- Limit potential for DNS rebind SSRF in chat notifications. -- Fix 500 error caused by invalid byte sequences in links. -- Ensure are cleaned by ImportExport::AttributeCleaner. -- Remove notes regarding Related Branches from Issue activity feeds for guest users. -- Escape namespace in label references to prevent XSS. - - ## 12.4.3 ### Fixed (2 changes) @@ -752,17 +740,20 @@ entry. ## 12.3.7 -### Security (9 changes) +### Security (12 changes) -- Check permissions before showing a forked project's source. +- Do not create todos for approvers without access. !1442 +- Limit potential for DNS rebind SSRF in chat notifications. - Encrypt application setting tokens. - Update Workhorse and Gitaly to fix a security issue. +- Add maven file_name regex validation on incoming files. - Hide commit counts from guest users in Cycle Analytics. -- Limit potential for DNS rebind SSRF in chat notifications. +- Check permissions before showing a forked project's source. - Fix 500 error caused by invalid byte sequences in links. - Ensure are cleaned by ImportExport::AttributeCleaner. - Remove notes regarding Related Branches from Issue activity feeds for guest users. - Escape namespace in label references to prevent XSS. +- Add authorization to using filter vulnerable in Dependency List. ## 12.3.4 |