From 4a650a2b4ea11e3bbe9020ac7de1da5e718ce1d0 Mon Sep 17 00:00:00 2001
From: GitLab Release Tools Bot
Date: Thu, 30 Apr 2020 14:14:19 +0000
Subject: Update CHANGELOG.md for 12.10.2 [ci skip]
---
CHANGELOG.md | 14 ++++++++++++++
changelogs/unreleased/bug-codeowner-diffs.yml | 5 -----
.../security-apply-codeowners-checks-to-web_ui.yml | 5 -----
changelogs/unreleased/security-branch-permissions.yml | 5 -----
changelogs/unreleased/security-file-template-project.yml | 5 -----
changelogs/unreleased/security-fix-CVE-2020-10187.yml | 5 -----
.../unreleased/security-mask-gh-service-password.yml | 5 -----
changelogs/unreleased/security-mirror-urls.yml | 5 -----
...propery-workhorse-rewritten-fields-for-multipart-up.yml | 6 ------
9 files changed, 14 insertions(+), 41 deletions(-)
delete mode 100644 changelogs/unreleased/bug-codeowner-diffs.yml
delete mode 100644 changelogs/unreleased/security-apply-codeowners-checks-to-web_ui.yml
delete mode 100644 changelogs/unreleased/security-branch-permissions.yml
delete mode 100644 changelogs/unreleased/security-file-template-project.yml
delete mode 100644 changelogs/unreleased/security-fix-CVE-2020-10187.yml
delete mode 100644 changelogs/unreleased/security-mask-gh-service-password.yml
delete mode 100644 changelogs/unreleased/security-mirror-urls.yml
delete mode 100644 changelogs/unreleased/security-validate-use-propery-workhorse-rewritten-fields-for-multipart-up.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 48a55ff660d..223fadfba69 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,20 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry.
+## 12.10.2 (2020-04-30)
+
+### Security (8 changes)
+
+- Ensure MR diff exists before codeowner check.
+- Apply CODEOWNERS validations to web requests.
+- Prevent unauthorized access to default branch.
+- Do not return private project ID without permission.
+- Fix doorkeeper CVE-2020-10187.
+- Change GitHub service integration token input to password.
+- Return only safe urls for mirrors.
+- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
+
+
## 12.10.1 (2020-04-24) ### Fixed (5 changes)
diff --git a/changelogs/unreleased/bug-codeowner-diffs.yml b/changelogs/unreleased/bug-codeowner-diffs.yml
deleted file mode 100644
index 996628240ab..00000000000
--- a/changelogs/unreleased/bug-codeowner-diffs.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Ensure MR diff exists before codeowner check
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-apply-codeowners-checks-to-web_ui.yml b/changelogs/unreleased/security-apply-codeowners-checks-to-web_ui.yml
deleted file mode 100644
index a6a9235795e..00000000000
--- a/changelogs/unreleased/security-apply-codeowners-checks-to-web_ui.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Apply CODEOWNERS validations to web requests
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-branch-permissions.yml b/changelogs/unreleased/security-branch-permissions.yml
deleted file mode 100644
index 6b8abe3eda6..00000000000
--- a/changelogs/unreleased/security-branch-permissions.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent unauthorized access to default branch
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-file-template-project.yml b/changelogs/unreleased/security-file-template-project.yml
deleted file mode 100644
index ca4c88f20a6..00000000000
--- a/changelogs/unreleased/security-file-template-project.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not return private project ID without permission
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-CVE-2020-10187.yml b/changelogs/unreleased/security-fix-CVE-2020-10187.yml
deleted file mode 100644
index 5510f3dc5fb..00000000000
--- a/changelogs/unreleased/security-fix-CVE-2020-10187.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix doorkeeper CVE-2020-10187
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mask-gh-service-password.yml b/changelogs/unreleased/security-mask-gh-service-password.yml
deleted file mode 100644
index cabbee204eb..00000000000
--- a/changelogs/unreleased/security-mask-gh-service-password.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Change GitHub service integration token input to password
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mirror-urls.yml b/changelogs/unreleased/security-mirror-urls.yml
deleted file mode 100644
index 774fe7758f7..00000000000
--- a/changelogs/unreleased/security-mirror-urls.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Return only safe urls for mirrors
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-validate-use-propery-workhorse-rewritten-fields-for-multipart-up.yml b/changelogs/unreleased/security-validate-use-propery-workhorse-rewritten-fields-for-multipart-up.yml
deleted file mode 100644
index e28a8180d59..00000000000
--- a/changelogs/unreleased/security-validate-use-propery-workhorse-rewritten-fields-for-multipart-up.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Validate workhorse 'rewritten_fields' and properly use them during multipart
- uploads
-merge_request:
-author:
-type: security
-- cgit v1.2.3