diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-04 16:36:03 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-04 16:36:03 +0300 |
| commit | 39b0e286bcf1239424eed8e0dac118a9f4f4b6ac (patch) | |
| tree | 3cee07417e86b487913af6dd0d2084da31fa3f1c /CHANGELOG.md | |
| parent | 9fc4650da6efa808960b28f9e77fede55424d77e (diff) | |
Add latest changes from gitlab-org/gitlab@12-4-stable-ee
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 16a36724b4f..64f7957860c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,11 +4,12 @@ entry. ## 12.4.1 -### Security (12 changes) +### Security (14 changes) - Standardize error response when route is missing. - Do not display project labels that are not visible for user accessing group labels. - Show cross-referenced label and milestones in issues' activities only to authorized users. +- Show cross-referenced label and milestones in issues' activities only to authorized users. - Analyze incoming GraphQL queries and check for recursion. - Disallow unprivileged users from commenting on private repository commits. - Don't allow maintainers of a target project to delete the source branch of a merge request from a fork. @@ -17,6 +18,7 @@ entry. - Return 404 on LFS request if project doesn't exist. - Mask sentry auth token in Error Tracking dashboard. - Fixes a Open Redirect issue in `InternalRedirect`. +- Remove deploy access level when project/group link is deleted. - Sanitize all wiki markup formats with GitLab sanitization pipelines. |