summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-04-30 14:24:12 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-04-30 14:24:12 +0000
commitd88dd48a55c2fb4d6b54779374da84f59aa4462c (patch)
tree564a4b7b2f1919272efadcd8f08333546987405c
parenta38f85dd6704c5282299fa438d4687c28dc0c76e (diff)
downloadgitlab-ce-d88dd48a55c2fb4d6b54779374da84f59aa4462c.tar.gz
Update CHANGELOG.md for 12.8.10
[ci skip]
-rw-r--r--CHANGELOG.md13
-rw-r--r--changelogs/unreleased/bug-codeowner-diffs.yml5
-rw-r--r--changelogs/unreleased/security-branch-permissions.yml5
-rw-r--r--changelogs/unreleased/security-file-template-project-12-9.yml5
-rw-r--r--changelogs/unreleased/security-fix-CVE-2020-10187.yml5
-rw-r--r--changelogs/unreleased/security-fix-es-credentials-leak.yml5
-rw-r--r--changelogs/unreleased/security-mirror-urls.yml5
-rw-r--r--changelogs/unreleased/security-validate-use-propery-workhorse-rewritten-fields-for-multipart-up.yml6
8 files changed, 13 insertions, 36 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ff03f9761f4..3ce447881d7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,19 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 12.8.10 (2020-04-30)
+
+### Security (7 changes)
+
+- Ensure MR diff exists before codeowner check.
+- Prevent unauthorized access to default branch.
+- Do not return private project ID without permission.
+- Fix doorkeeper CVE-2020-10187.
+- Prevent ES credentials leak.
+- Return only safe urls for mirrors.
+- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
+
+
## 12.8.9 (2020-04-14)
### Security (3 changes)
diff --git a/changelogs/unreleased/bug-codeowner-diffs.yml b/changelogs/unreleased/bug-codeowner-diffs.yml
deleted file mode 100644
index 996628240ab..00000000000
--- a/changelogs/unreleased/bug-codeowner-diffs.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Ensure MR diff exists before codeowner check
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-branch-permissions.yml b/changelogs/unreleased/security-branch-permissions.yml
deleted file mode 100644
index 6b8abe3eda6..00000000000
--- a/changelogs/unreleased/security-branch-permissions.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent unauthorized access to default branch
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-file-template-project-12-9.yml b/changelogs/unreleased/security-file-template-project-12-9.yml
deleted file mode 100644
index ca4c88f20a6..00000000000
--- a/changelogs/unreleased/security-file-template-project-12-9.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not return private project ID without permission
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-CVE-2020-10187.yml b/changelogs/unreleased/security-fix-CVE-2020-10187.yml
deleted file mode 100644
index 5510f3dc5fb..00000000000
--- a/changelogs/unreleased/security-fix-CVE-2020-10187.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix doorkeeper CVE-2020-10187
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-es-credentials-leak.yml b/changelogs/unreleased/security-fix-es-credentials-leak.yml
deleted file mode 100644
index 1278954104b..00000000000
--- a/changelogs/unreleased/security-fix-es-credentials-leak.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent ES credentials leak
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mirror-urls.yml b/changelogs/unreleased/security-mirror-urls.yml
deleted file mode 100644
index 774fe7758f7..00000000000
--- a/changelogs/unreleased/security-mirror-urls.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Return only safe urls for mirrors
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-validate-use-propery-workhorse-rewritten-fields-for-multipart-up.yml b/changelogs/unreleased/security-validate-use-propery-workhorse-rewritten-fields-for-multipart-up.yml
deleted file mode 100644
index e28a8180d59..00000000000
--- a/changelogs/unreleased/security-validate-use-propery-workhorse-rewritten-fields-for-multipart-up.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Validate workhorse 'rewritten_fields' and properly use them during multipart
- uploads
-merge_request:
-author:
-type: security