Update CHANGELOG.md for 12.1.2

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-07-25 08:22:38 +0000
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-07-25 08:22:38 +0000
commit: 85104fc81f7663fb77114cc6bf99ca095adf7701 (patch)
tree: 75f0ceca67c3d599b8ff41e2abcc1fe7962a1c8d
parent: 6a5d2df3ee53df8d7df84a46c408e4c1fa341f0b (diff)
download: gitlab-ce-85104fc81f7663fb77114cc6bf99ca095adf7701.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3ed244b7ed2..0610228127d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.1.2
+
+### Security (9 changes)
+
+- Restrict slash commands to users who can log in.
+- Patch XSS issue in wiki links.
+- Queries for Upload should be scoped by model.
+- Filter merge request params on the new merge request page.
+- Fix Server Side Request Forgery mitigation bypass.
+- Show badges if pipelines are public otherwise default to project permissions.
+- Do not allow localhost url redirection in GitHub Integration.
+- Do not show moved issue id for users that cannot read issue.
+- Drop feature to take ownership of trigger token.
+
+
 ## 12.1.1
 
 - No changes.
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-07-25 08:22:38 +0000
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-07-25 08:22:38 +0000
commit	85104fc81f7663fb77114cc6bf99ca095adf7701 (patch)
tree	75f0ceca67c3d599b8ff41e2abcc1fe7962a1c8d
parent	6a5d2df3ee53df8d7df84a46c408e4c1fa341f0b (diff)
download	gitlab-ce-85104fc81f7663fb77114cc6bf99ca095adf7701.tar.gz