diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-09-27 01:23:50 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-09-27 01:23:50 +0300 |
commit | fa496b6494e372ed6e6ad99d975d26fed12368c1 (patch) | |
tree | e5c3a0f631537bbfdb1a3fa731fd4561abf8e3b5 /CHANGELOG.md | |
parent | 40a93ab093364e618e074657b742d9daceace6cc (diff) |
Update CHANGELOG.md for 12.3.2
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ed5264fae1e..ae76d31dd24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,22 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.3.2 + +### Security (10 changes) + +- Fix Gitaly SearchBlobs flag RPC injection. +- Add a policy check for system notes that may not be visible due to cross references to private items. +- Display only participants that user has permission to see on milestone page. +- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings. +- Fix new project path being disclosed through unsubscribe link of issue/merge requests. +- Prevent bypassing email verification using Salesforce. +- Do not show resource label events referencing not accessible labels. +- Cancel all running CI jobs triggered by the user who is just blocked. +- Only render fixed number of mermaid blocks. +- Prevent GitLab accounts takeover if SAML is configured. + + ## 12.3.1 ### Fixed (4 changes) |