diff options
| author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-01-02 15:05:13 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-01-02 15:05:13 +0000 |
| commit | 2fb568335e933a3c90d8a0ace593e5d77697e468 (patch) | |
| tree | 4279fff2099db8caacfadc0ef962f9c2a4f5898d | |
| parent | 493cb38db1fc08f2c8cb3bb18a8ef2199eb76e02 (diff) | |
| download | gitlab-ce-2fb568335e933a3c90d8a0ace593e5d77697e468.tar.gz | |
Update CHANGELOG.md for 12.6.2
[ci skip]
7 files changed, 12 insertions, 30 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2336cddc352..8fb44fa826d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.6.2 + +### Security (6 changes) + +- GraphQL: Add timeout to all queries. +- Filter out notification settings for projects that a user does not have at least read access. +- Hide project name and path when unsusbcribing from an issue or merge request. +- Fix 500 error caused by invalid byte sequences in uploads links. +- Return only runners from groups where user is owner for user CI owned runners. +- Fix Vulnerability of Release Evidence. + + ## 12.6.1 ### Fixed (2 changes) diff --git a/changelogs/unreleased/security-11-graphql-timeout.yml b/changelogs/unreleased/security-11-graphql-timeout.yml deleted file mode 100644 index 1d06aaced9d..00000000000 --- a/changelogs/unreleased/security-11-graphql-timeout.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: 'GraphQL: Add timeout to all queries' -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-29983-private-project-name-exposed.yml b/changelogs/unreleased/security-29983-private-project-name-exposed.yml deleted file mode 100644 index 2cae417ec1d..00000000000 --- a/changelogs/unreleased/security-29983-private-project-name-exposed.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Filter out notification settings for projects that a user does not have at least read access -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-34072-project-name-disclosed.yml b/changelogs/unreleased/security-34072-project-name-disclosed.yml deleted file mode 100644 index f14c7728273..00000000000 --- a/changelogs/unreleased/security-34072-project-name-disclosed.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Hide project name and path when unsusbcribing from an issue or merge request -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fix-invalid-byte-sequence-upload-links-master.yml b/changelogs/unreleased/security-fix-invalid-byte-sequence-upload-links-master.yml deleted file mode 100644 index afe48b448b0..00000000000 --- a/changelogs/unreleased/security-fix-invalid-byte-sequence-upload-links-master.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix 500 error caused by invalid byte sequences in uploads links -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-master-mc-api-runner-owner-permissions.yml b/changelogs/unreleased/security-master-mc-api-runner-owner-permissions.yml deleted file mode 100644 index 2f23dbf7b9f..00000000000 --- a/changelogs/unreleased/security-master-mc-api-runner-owner-permissions.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Return only runners from groups where user is owner for user CI owned runners. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-vulnerable-evidence-12-7.yml b/changelogs/unreleased/security-vulnerable-evidence-12-7.yml deleted file mode 100644 index 9a7cdeeddb4..00000000000 --- a/changelogs/unreleased/security-vulnerable-evidence-12-7.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix Vulnerability of Release Evidence -merge_request: -author: -type: security |