author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-05-27 15:17:19 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-05-27 15:17:19 +0300 |
commit | 29185008fc5d4b660ee9a81fc599aa08c26ca0e9 (patch) | |
tree | 9ca8a9a788fdda384df66ad8617185248e543b6f /CHANGELOG.md | |
parent | 7ee8a6cfa3a2ecc1997679fab0d79f7e33083de0 (diff) |
Update CHANGELOG.md for 12.10.7
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index d82b267037c..7a01b71d1ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,26 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.10.7 (2020-05-27) + +### Security (14 changes) + +- Add an extra validation to Static Site Editor payload. +- Hide EKS secret key in admin integrations settings. +- Added data integrity check before updating a deploy key. +- Display only verified emails on notifications and profile page. +- Disable caching on repo/blobs/[sha]/raw endpoint. +- Require confirmed email address for GitLab OAuth authentication. +- Kubernetes cluster details page no longer exposes Service Token. +- Fix confirming unverified emails with soft email confirmation flow enabled. +- Disallow user to control PUT request using mermaid markdown in issue description. +- Check forked project permissions before allowing fork. +- Limit memory footprint of a command that generates ZIP artifacts metadata. +- Fix file enuming using Group Import. +- Prevent XSS in the monitoring dashboard. +- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API. + + ## 12.10.6 (2020-05-15) ### Fixed (5 changes) |
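Review bot: The entry "Fix file enuming using Group Import." in the new 12.10.7 Security list is hard to read as written; "enuming" looks like a clipped "enumeration", and spelling it out (for example "Fix file enumeration using Group Import.") would tell readers which class of issue was addressed. The list also mixes tenses: "Added data integrity check before updating a deploy key." is past tense while the neighbouring entries are imperative ("Add an extra validation ...", "Hide EKS secret key ..."), so "Add data integrity check ..." would match the rest.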