diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-30 18:08:09 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-09-30 18:08:09 +0300 |
| commit | 538fff823de57d1ba5317961aa43091de9dc007f (patch) | |
| tree | c741665b338cc0d51ce5f73f5671e5eee8e69349 /CHANGELOG.md | |
| parent | 3692e9f8a23386c627942ca2a9edd8c00af7e904 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a4c2fab541..c2ffec09cb2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,16 +4,18 @@ entry. ## 12.3.2 -### Security (10 changes) +### Security (12 changes) - Fix Gitaly SearchBlobs flag RPC injection. - Add a policy check for system notes that may not be visible due to cross references to private items. - Display only participants that user has permission to see on milestone page. - Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings. +- Check permissions before showing head pipeline blocking merge requests. - Fix new project path being disclosed through unsubscribe link of issue/merge requests. - Prevent bypassing email verification using Salesforce. - Do not show resource label events referencing not accessible labels. - Cancel all running CI jobs triggered by the user who is just blocked. +- Fix Gitaly SearchBlobs flag RPC injection. - Only render fixed number of mermaid blocks. - Prevent GitLab accounts takeover if SAML is configured. @@ -299,11 +301,12 @@ entry. ## 12.2.6 -### Security (10 changes) +### Security (11 changes) - Add a policy check for system notes that may not be visible due to cross references to private items. - Display only participants that user has permission to see on milestone page. - Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings. +- Check permissions before showing head pipeline blocking merge requests. - Fix new project path being disclosed through unsubscribe link of issue/merge requests. - Prevent bypassing email verification using Salesforce. - Do not show resource label events referencing not accessible labels. @@ -633,11 +636,12 @@ entry. ## 12.1.12 -### Security (11 changes) +### Security (12 changes) - Add a policy check for system notes that may not be visible due to cross references to private items. - Display only participants that user has permission to see on milestone page. - Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings. +- Check permissions before showing head pipeline blocking merge requests. - Fix new project path being disclosed through unsubscribe link of issue/merge requests. - Prevent bypassing email verification using Salesforce. - Do not show resource label events referencing not accessible labels. |