Update CHANGELOG.md for 12.1.12

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-09-27 02:06:22 +0300
committer: Yorick Peterse <yorick@yorickpeterse.com> 2019-09-30 15:22:04 +0300
commit: 1b4dd9c56add43808675c2bb2d5f6ce94e9d17ac (patch)
tree: 67f9a8f16964023c3c1ad5b366606b6f8254af3b /CHANGELOG.md
parent: 1141cdbf81f91f372a78286309c55020780a8504 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e71ae5e207e..8a4c2fab541 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -631,6 +631,23 @@ entry.
 - Update Packer.gitlab-ci.yml to use latest image. (Kelly Hair)
 
 
+## 12.1.12
+
+### Security (11 changes)
+
+- Add a policy check for system notes that may not be visible due to cross references to private items.
+- Display only participants that user has permission to see on milestone page.
+- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
+- Prevent bypassing email verification using Salesforce.
+- Do not show resource label events referencing not accessible labels.
+- Cancel all running CI jobs triggered by the user who is just blocked.
+- Fix Gitaly SearchBlobs flag RPC injection.
+- Only render fixed number of mermaid blocks.
+- Prevent GitLab accounts takeover if SAML is configured.
+- Upgrade mermaid to prevent XSS.
+
+
 ## 12.1.10
 
 - No changes.
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-09-27 02:06:22 +0300
committer	Yorick Peterse <yorick@yorickpeterse.com>	2019-09-30 15:22:04 +0300
commit	1b4dd9c56add43808675c2bb2d5f6ce94e9d17ac (patch)
tree	67f9a8f16964023c3c1ad5b366606b6f8254af3b /CHANGELOG.md
parent	1141cdbf81f91f372a78286309c55020780a8504 (diff)