From 156529780508bbca3221c822e4a6a6faa8f5eb88 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Tue, 28 Jan 2020 22:31:39 +0000 Subject: Update CHANGELOG.md for 12.6.5 [ci skip] --- CHANGELOG.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ce73eb8895..5f591e97b21 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -359,6 +359,31 @@ entry. - Update the Net-LDAP gem to 0.16.2. +## 12.6.5 + +### Security (19 changes, 1 of them is from the community) + +- Update rack-cors to 1.0.6. +- Update rdoc to 6.1.2. +- Bump rubyzip to 2.0.0. (Utkarsh Gupta) +- Cleanup todos for users from a removed linked group. +- Disable access to last_pipeline in commits API for users without read permissions. +- Add constraint to group dependency proxy endpoint param. +- Limit number of AsciiDoc includes per document. +- Prevent API access for unconfirmed users. +- Enforce permission check when counting activity events. +- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. +- Fix xss on frequent groups dropdown. +- Fix XSS vulnerability on custom project templates form. +- Protect internal CI builds from external overrides. +- ImportExport::ExportService to require admin_project permission. +- Make sure that only system notes where all references are visible to user are exposed in GraphQL API. +- Disable caching of repository/files/:file_path/raw API endpoint. +- Make cross-repository comparisons happen in the source repository. +- Update excon to 0.71.1 to fix CVE-2019-16779. +- Add workhorse request verification to package upload endpoints. + + ## 12.6.4 ### Security (1 change) -- cgit v1.2.3