author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-06 16:49:32 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-12-06 16:49:32 +0300 |
commit | 97a41ac6af97842bb00222c5291f72e05c801481 (patch) | |
tree | abaa60ffa144e699b8ad6f2d8f83c61d8d2e031d /CHANGELOG.md | |
parent | 6051a4b29b5ac00937ece5d04dd79eab7e2b10f3 (diff) |
Add latest changes from gitlab-org/gitlab@12-4-stable-ee
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 77c1c6ddb7a..41f1fd85fb3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,17 +8,20 @@ entry. ## 12.4.4 -### Security (9 changes) +### Security (12 changes) -- Check permissions before showing a forked project's source. +- Do not create todos for approvers without access. !1442 +- Limit potential for DNS rebind SSRF in chat notifications. - Encrypt application setting tokens. - Update Workhorse and Gitaly to fix a security issue. +- Add maven file_name regex validation on incoming files. - Hide commit counts from guest users in Cycle Analytics. -- Limit potential for DNS rebind SSRF in chat notifications. +- Check permissions before showing a forked project's source. - Fix 500 error caused by invalid byte sequences in links. - Ensure are cleaned by ImportExport::AttributeCleaner. - Remove notes regarding Related Branches from Issue activity feeds for guest users. - Escape namespace in label references to prevent XSS. +- Add authorization to using filter vulnerable in Dependency List. ## 12.4.3 |
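Review bot: the added last entry of the 12.4.4 Security list, "Add authorization to using filter vulnerable in Dependency List.", does not parse as written; reword it so it says which filter now requires authorization. Of the four genuinely new entries, only "Do not create todos for approvers without access." carries a merge request reference (!1442), so add the matching references to the other three or drop this one for consistency. Since the section is being touched anyway, the unchanged context entry "Ensure are cleaned by ImportExport::AttributeCleaner." is missing its subject and should be fixed in the same change. The new count in "### Security (12 changes)" matches the twelve entries visible after the change, but two of the six added lines ("Limit potential for DNS rebind SSRF in chat notifications." and "Check permissions before showing a forked project's source.") are moves of existing entries; keeping their original positions would make the actual additions easier to audit.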