author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-09-26 22:23:50 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-09-26 22:23:50 +0000 |
commit | fa496b6494e372ed6e6ad99d975d26fed12368c1 (patch) | |
tree | e5c3a0f631537bbfdb1a3fa731fd4561abf8e3b5 | |
parent | 40a93ab093364e618e074657b742d9daceace6cc (diff) | |
download | gitlab-ce-fa496b6494e372ed6e6ad99d975d26fed12368c1.tar.gz |
Update CHANGELOG.md for 12.3.2
[ci skip]
11 files changed, 16 insertions, 53 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ed5264fae1e..ae76d31dd24 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.3.2
+
+### Security (10 changes)
+
+- Fix Gitaly SearchBlobs flag RPC injection.
+- Add a policy check for system notes that may not be visible due to cross references to private items.
+- Display only participants that user has permission to see on milestone page.
+- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
+- Prevent bypassing email verification using Salesforce.
+- Do not show resource label events referencing not accessible labels.
+- Cancel all running CI jobs triggered by the user who is just blocked.
+- Only render fixed number of mermaid blocks.
+- Prevent GitLab accounts takeover if SAML is configured.
+
+
 ## 12.3.1
 
 ### Fixed (4 changes)
diff --git a/changelogs/unreleased/12-3-stable.yml b/changelogs/unreleased/12-3-stable.yml
deleted file mode 100644
index e532a8aba9f..00000000000
--- a/changelogs/unreleased/12-3-stable.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Gitaly SearchBlobs flag RPC injection
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml b/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml
deleted file mode 100644
index 03658c931a3..00000000000
--- a/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Add a policy check for system notes that may not be visible due to cross references
- to private items
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml b/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml
deleted file mode 100644
index 574f9f8283c..00000000000
--- a/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display only participants that user has permission to see on milestone page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml b/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml
deleted file mode 100644
index 7625655cadd..00000000000
--- a/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Do not disclose project milestones on group milestones page when project milestones
- access is disabled in project settings
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-64938-dont-disclose-path.yml b/changelogs/unreleased/security-64938-dont-disclose-path.yml
deleted file mode 100644
index 0c858401233..00000000000
--- a/changelogs/unreleased/security-64938-dont-disclose-path.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Fix new project path being disclosed through unsubscribe link of issue/merge
- requests
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml b/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml
deleted file mode 100644
index 20b841b68f8..00000000000
--- a/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent bypassing email verification using Salesforce
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-cross-reference-fix.yml b/changelogs/unreleased/security-cross-reference-fix.yml
deleted file mode 100644
index 15d6509fd63..00000000000
--- a/changelogs/unreleased/security-cross-reference-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not show resource label events referencing not accessible labels.
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml b/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml
deleted file mode 100644
index 1bc4345d5b6..00000000000
--- a/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Cancel all running CI jobs triggered by the user who is just blocked
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mermaid-block.yml b/changelogs/unreleased/security-mermaid-block.yml
deleted file mode 100644
index 993e8cfec08..00000000000
--- a/changelogs/unreleased/security-mermaid-block.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Only render fixed number of mermaid blocks
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml b/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
deleted file mode 100644
index 9022bc8a26f..00000000000
--- a/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent GitLab accounts takeover if SAML is configured
-merge_request:
-author:
-type: security |