author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-06-27 15:08:50 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-06-27 15:08:50 +0300 |
commit | 43c155869e031664f5d78b9268624ec915115f4a (patch) | |
tree | c86b90c82a1f73f49a5545669bf7945893cab364 /CHANGELOG.md | |
parent | 73dae02756b77e66ee66c462ab4b0efaa1ebf6ec (diff) |
Update CHANGELOG.md for 12.0.3
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d30fc6553f..62d0ff3f544 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,22 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.0.3 (2019-06-27) + +### Security (10 changes) + +- Persist tmp snippet uploads at users. +- Gate MR head_pipeline behind read_pipeline ability. +- Fix DoS vulnerability in color validation regex. +- Expose merge requests count based on user access. +- Fix Denial of Service for comments when rendering issues/MR comments. +- Add missing authorizations in GraphQL. +- Disable Rails SQL query cache when applying service templates. +- Prevent Billion Laughs attack. +- Correctly check permissions when creating snippet notes. +- Prevent the detection of merge request templates by unauthorized users. + + ## 12.0.2 (2019-06-25) ### Fixed (7 changes, 1 of them is from the community) |
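Review bot: Several of the new 12.0.3 Security entries do not tell a reader what was exposed or to whom, starting with the first one, "Persist tmp snippet uploads at users.", which names an implementation change rather than the security effect. Consider rewording it to state the fixed behaviour, in the way "Correctly check permissions when creating snippet notes." does. "Fix Denial of Service for comments when rendering issues/MR comments." repeats "comments" and could be tightened to say only that it concerns rendering issue/MR comments. None of the ten entries carries a reference to an advisory or tracking item, so an operator reading this file cannot map a line to the corresponding fix; if the project's changelog convention allows a reference, adding one per entry would help. A minor style point: the hunk adds two blank lines before "## 12.0.2 (2019-06-25)", while a single blank line separates the intro text from the new "## 12.0.3" heading; check that this matches the spacing used between other release sections.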