diff options
author | Mayra Cabrera <mcabrera@gitlab.com> | 2020-03-04 14:04:07 -0600 |
---|---|---|
committer | Mayra Cabrera <mcabrera@gitlab.com> | 2020-03-04 14:04:07 -0600 |
commit | 42ca24aa5bbab7a2d43bc866d9bee9876941cea2 (patch) | |
tree | ac64049e4022b4bbd817bb30c087f4241f08083d | |
parent | d3fc3be040a4fed2328e23ef28696dd8bd8238b4 (diff) | |
parent | cef5faeaef2e11ff2095d9e0f36390a20ba4f649 (diff) | |
download | gitlab-ce-42ca24aa5bbab7a2d43bc866d9bee9876941cea2.tar.gz |
Merge remote-tracking branch 'dev/master'
-rw-r--r-- | CHANGELOG.md | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index f50be96ac50..e0493d54fc8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,33 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.8.2 + +### Security (17 changes) + +- Update container registry authentication to account for login request when checking permissions. +- Update ProjectAuthorization when deleting or updating GroupGroupLink. +- Prevent an endless checking loop for two merge requests targeting each other. +- Update user 2fa when accepting a group invite. +- Fix for XSS in branch names. +- Prevent directory traversal through FileUploader. +- Run project badge images through the asset proxy. +- Check merge requests read permissions before showing them in the pipeline widget. +- Respect member access level for group shares. +- Remove OID filtering during LFS imports. +- Protect against denial of service using pipeline webhook recursion. +- Expire account confirmation token. +- Prevent XSS in admin grafana URL setting. +- Don't require base_sha in DiffRefsType. +- Sanitize output by dependency linkers. +- Recalculate ProjectAuthorizations for all users. +- Escape special chars in Sentry error header. + +### Other (1 change, 1 of them is from the community) + +- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi) + + ## 12.8.1 ### Fixed (5 changes) |