summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2019-06-27 12:08:51 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2019-06-27 12:08:51 +0000
commitdcca143e8b85593a6d93144f748f7e7df3af339d (patch)
tree43219e1efba0e82b2ea83851c4dd9d3b237d9f4a
parentbb771faec6ad7288d4596bf681fd5fc82368bd7f (diff)
downloadgitlab-ce-dcca143e8b85593a6d93144f748f7e7df3af339d.tar.gz
Update CHANGELOG.md for 12.0.3
[ci skip]
-rw-r--r--CHANGELOG.md16
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4625685dc9a..f6a75cb74be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 12.0.3 (2019-06-27)
+
+### Security (10 changes)
+
+- Persist tmp snippet uploads at users.
+- Gate MR head_pipeline behind read_pipeline ability.
+- Fix DoS vulnerability in color validation regex.
+- Expose merge requests count based on user access.
+- Fix Denial of Service for comments when rendering issues/MR comments.
+- Add missing authorizations in GraphQL.
+- Disable Rails SQL query cache when applying service templates.
+- Prevent Billion Laughs attack.
+- Correctly check permissions when creating snippet notes.
+- Prevent the detection of merge request templates by unauthorized users.
+
+
## 12.0.2 (2019-06-25)
### Fixed (7 changes, 1 of them is from the community)