authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-03-04 14:43:03 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-03-04 14:43:03 +0000
commit485f694691367dc77e5b955d3a6dd78be9728fde (patch)
tree75fe0afe20b4e786d8cdc4462e771bd34e3ecda5
parent16d42c68938c519e333b7ee32b9c17e6ac4fa437 (diff)
Update CHANGELOG.md for 12.7.7
[ci skip]
-rw-r--r--CHANGELOG.md23
-rw-r--r--changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml5
-rw-r--r--changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml5
-rw-r--r--changelogs/unreleased/36805-confidential-issue.yml5
-rw-r--r--changelogs/unreleased/enfoce-group-member-2fa.yml5
-rw-r--r--changelogs/unreleased/security-49-xss-branch-names.yml5
-rw-r--r--changelogs/unreleased/security-709-secret-traversal.yml5
-rw-r--r--changelogs/unreleased/security-badge-camo.yml5
-rw-r--r--changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml5
-rw-r--r--changelogs/unreleased/security-deploy-token-registry-access.yml6
-rw-r--r--changelogs/unreleased/security-deprecate-lfs-link-service.yml5
-rw-r--r--changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml5
-rw-r--r--changelogs/unreleased/security-expire-confirmation-token.yml5
-rw-r--r--changelogs/unreleased/security-grafana-stored-xss.yml5
-rw-r--r--changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml5
-rw-r--r--changelogs/unreleased/security-pb-fix-xss-dependency-link.yml5
-rw-r--r--changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml5
-rw-r--r--changelogs/unreleased/security-safe-sentry-error-culprit.yml5
18 files changed, 23 insertions, 86 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index eb47b8aaefe..1908a67a288 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,29 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 12.7.7
+
+### Security (17 changes)
+
+- Update ProjectAuthorization when deleting or updating GroupGroupLink.
+- Respect member access level for group shares.
+- Prevent an endless checking loop for two merge requests targeting each other.
+- Update user 2fa when accepting a group invite.
+- Fix for XSS in branch names.
+- Prevent directory traversal through FileUploader.
+- Run project badge images through the asset proxy.
+- Check merge requests read permissions before showing them in the pipeline widget.
+- Update container registry authentication to account for login request when checking permissions.
+- Remove OID filtering during LFS imports.
+- Protect against denial of service using pipeline webhook recursion.
+- Expire account confirmation token.
+- Prevent XSS in admin grafana URL setting.
+- Don't require base_sha in DiffRefsType.
+- Sanitize output by dependency linkers.
+- Recalculate ProjectAuthorizations for all users.
+- Escape special chars in Sentry error header.
+
+
## 12.7.6
### Security (1 change)
diff --git a/changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml b/changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml
deleted file mode 100644
index 00d0b770296..00000000000
--- a/changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update ProjectAuthorization when deleting or updating GroupGroupLink
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml b/changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml
deleted file mode 100644
index bab1bf82dc0..00000000000
--- a/changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Respect member access level for group shares
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/36805-confidential-issue.yml b/changelogs/unreleased/36805-confidential-issue.yml
deleted file mode 100644
index ea7b66b89db..00000000000
--- a/changelogs/unreleased/36805-confidential-issue.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent an endless checking loop for two merge requests targeting each other
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/enfoce-group-member-2fa.yml b/changelogs/unreleased/enfoce-group-member-2fa.yml
deleted file mode 100644
index 1e10f678eda..00000000000
--- a/changelogs/unreleased/enfoce-group-member-2fa.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update user 2fa when accepting a group invite
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-49-xss-branch-names.yml b/changelogs/unreleased/security-49-xss-branch-names.yml
deleted file mode 100644
index d6ad72aa622..00000000000
--- a/changelogs/unreleased/security-49-xss-branch-names.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix for XSS in branch names
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-709-secret-traversal.yml b/changelogs/unreleased/security-709-secret-traversal.yml
deleted file mode 100644
index 33944712a20..00000000000
--- a/changelogs/unreleased/security-709-secret-traversal.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent directory traversal through FileUploader
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-badge-camo.yml b/changelogs/unreleased/security-badge-camo.yml
deleted file mode 100644
index b882bffdcaa..00000000000
--- a/changelogs/unreleased/security-badge-camo.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Run project badge images through the asset proxy
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml b/changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml
deleted file mode 100644
index 009b205ee94..00000000000
--- a/changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check merge requests read permissions before showing them in the pipeline widget
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-deploy-token-registry-access.yml b/changelogs/unreleased/security-deploy-token-registry-access.yml
deleted file mode 100644
index 3b7a0553b2e..00000000000
--- a/changelogs/unreleased/security-deploy-token-registry-access.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Update container registry authentication to account for login request when
- checking permissions
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-deprecate-lfs-link-service.yml b/changelogs/unreleased/security-deprecate-lfs-link-service.yml
deleted file mode 100644
index 79bc69414eb..00000000000
--- a/changelogs/unreleased/security-deprecate-lfs-link-service.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove OID filtering during LFS imports
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml b/changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml
deleted file mode 100644
index a3491c1d42a..00000000000
--- a/changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Protect against denial of service using pipeline webhook recursion
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-expire-confirmation-token.yml b/changelogs/unreleased/security-expire-confirmation-token.yml
deleted file mode 100644
index 40d8063c409..00000000000
--- a/changelogs/unreleased/security-expire-confirmation-token.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Expire account confirmation token
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-grafana-stored-xss.yml b/changelogs/unreleased/security-grafana-stored-xss.yml
deleted file mode 100644
index 5a98c6fd7ff..00000000000
--- a/changelogs/unreleased/security-grafana-stored-xss.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent XSS in admin grafana URL setting
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml b/changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml
deleted file mode 100644
index ba7906f72a8..00000000000
--- a/changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't require base_sha in DiffRefsType
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-pb-fix-xss-dependency-link.yml b/changelogs/unreleased/security-pb-fix-xss-dependency-link.yml
deleted file mode 100644
index a4726c3861a..00000000000
--- a/changelogs/unreleased/security-pb-fix-xss-dependency-link.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Sanitize output by dependency linkers
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml b/changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml
deleted file mode 100644
index ee2039806b6..00000000000
--- a/changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Recalculate ProjectAuthorizations for all users
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-safe-sentry-error-culprit.yml b/changelogs/unreleased/security-safe-sentry-error-culprit.yml
deleted file mode 100644
index 4261e2aa5dd..00000000000
--- a/changelogs/unreleased/security-safe-sentry-error-culprit.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Escape special chars in Sentry error header
-merge_request:
-author:
-type: security