gitlab.com/gitlab-org/gitlab-foss.git
author GitLab Bot <gitlab-bot@gitlab.com> 2019-12-06 16:49:32 +0300
committer GitLab Bot <gitlab-bot@gitlab.com> 2019-12-06 16:49:32 +0300
commit 97a41ac6af97842bb00222c5291f72e05c801481 (patch)
tree abaa60ffa144e699b8ad6f2d8f83c61d8d2e031d /CHANGELOG.md
parent 6051a4b29b5ac00937ece5d04dd79eab7e2b10f3 (diff)
Add latest changes from gitlab-org/gitlab@12-4-stable-ee
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- CHANGELOG.md 9
1 files changed, 6 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 77c1c6ddb7a..41f1fd85fb3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,17 +8,20 @@ entry.
## 12.4.4
-### Security (9 changes)
+### Security (12 changes)
-- Check permissions before showing a forked project's source.
+- Do not create todos for approvers without access. !1442
+- Limit potential for DNS rebind SSRF in chat notifications.
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
+- Add maven file_name regex validation on incoming files.
- Hide commit counts from guest users in Cycle Analytics.
-- Limit potential for DNS rebind SSRF in chat notifications.
+- Check permissions before showing a forked project's source.
- Fix 500 error caused by invalid byte sequences in links.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
+- Add authorization to using filter vulnerable in Dependency List.
## 12.4.3
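Review bot: The last added entry in the 12.4.4 Security list, "Add authorization to using filter vulnerable in Dependency List.", does not parse as written, so a reader cannot tell what is now authorized; reword it to state the object of the check (which filter, and who must be authorized to use it). In the same list the unchanged entry "Ensure are cleaned by ImportExport::AttributeCleaner." is missing its subject and should name what gets cleaned. Of the three genuinely new entries only "Do not create todos for approvers without access. !1442" carries a merge request reference; the maven file_name and Dependency List entries have none, so either add theirs or keep the style uniform. Two of the six added lines only move existing entries (forked project's source, DNS rebind SSRF), which adds churn to a security changelog without changing its content; keeping the original order and appending the new items would make the diff show exactly what was added.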