Update CHANGELOG.md for 12.3.2

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-09-27 01:23:50 +0300
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-09-27 01:23:50 +0300
commit: fa496b6494e372ed6e6ad99d975d26fed12368c1 (patch)
tree: e5c3a0f631537bbfdb1a3fa731fd4561abf8e3b5 /CHANGELOG.md
parent: 40a93ab093364e618e074657b742d9daceace6cc (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ed5264fae1e..ae76d31dd24 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.3.2
+
+### Security (10 changes)
+
+- Fix Gitaly SearchBlobs flag RPC injection.
+- Add a policy check for system notes that may not be visible due to cross references to private items.
+- Display only participants that user has permission to see on milestone page.
+- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
+- Prevent bypassing email verification using Salesforce.
+- Do not show resource label events referencing not accessible labels.
+- Cancel all running CI jobs triggered by the user who is just blocked.
+- Only render fixed number of mermaid blocks.
+- Prevent GitLab accounts takeover if SAML is configured.
+
+
 ## 12.3.1
 
 ### Fixed (4 changes)
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-09-27 01:23:50 +0300
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-09-27 01:23:50 +0300
commit	fa496b6494e372ed6e6ad99d975d26fed12368c1 (patch)
tree	e5c3a0f631537bbfdb1a3fa731fd4561abf8e3b5 /CHANGELOG.md
parent	40a93ab093364e618e074657b742d9daceace6cc (diff)