author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-27 14:38:22 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-11-27 14:38:22 +0300 |
commit | ec764103ee252c84563851ccc53fb99eef88c742 (patch) | |
tree | 766a240a29d27635e7a2eeed30b19c250adfdd28 /CHANGELOG.md | |
parent | 52b9f101a35b6eec91621d5470e6d5883bfcaf88 (diff) |
Add latest changes from gitlab-org/gitlab@12-5-stable-ee
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 59fb71c3245..9cef812464a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,16 +4,19 @@ entry. ## 12.5.1 -### Security (8 changes) +### Security (11 changes) -- Check permissions before showing a forked project's source. +- Do not create todos for approvers without access. !1442 +- Hide commit counts from guest users in Cycle Analytics. - Encrypt application setting tokens. - Update Workhorse and Gitaly to fix a security issue. -- Hide commit counts from guest users in Cycle Analytics. +- Add maven file_name regex validation on incoming files. +- Check permissions before showing a forked project's source. - Limit potential for DNS rebind SSRF in chat notifications. - Ensure are cleaned by ImportExport::AttributeCleaner. - Remove notes regarding Related Branches from Issue activity feeds for guest users. - Escape namespace in label references to prevent XSS. +- Add authorization to using filter vulnerable in Dependency List. ## 12.5.0 |
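Review bot: The last added entry under 12.5.1, "Add authorization to using filter vulnerable in Dependency List.", does not parse, so a reader of the security section cannot tell which action now requires authorization. Please reword it to say what is being authorized and on which filter. The unchanged context line "Ensure are cleaned by ImportExport::AttributeCleaner." in the same list is missing its subject and is worth fixing while this section is being edited. Of the new entries, only "Do not create todos for approvers without access." carries a merge request reference (!1442); add references to the other new entries if they exist, so each fix can be traced. The "Check permissions before showing a forked project's source." and "Hide commit counts from guest users in Cycle Analytics." entries are moved rather than changed, so three of the six inserted lines are the actual new security entries that the header count goes from 8 to 11 for.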