author | John T Skarbek <jskarbek@gitlab.com> | 2020-04-30 15:57:50 -0400 |
---|---|---|
committer | John T Skarbek <jskarbek@gitlab.com> | 2020-04-30 15:57:50 -0400 |
commit | adafb996ef88da50b30c737cdb8caee8307ec6d6 (patch) | |
tree | 475f8330b0f9891eb748eded6939b83d21ddb40d | |
parent | 028bb5dda7abc9ec76f21ae8e691825b4673f733 (diff) | |
parent | b44c16511571f1f6ee9f1c9bde468b6bbfffbc91 (diff) | |
download | gitlab-ce-adafb996ef88da50b30c737cdb8caee8307ec6d6.tar.gz |
Merge remote-tracking branch 'dev/master'
-rw-r--r-- | CHANGELOG.md | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 48a55ff660d..c12ef304111 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,20 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.10.2 (2020-04-30) + +### Security (8 changes) + +- Ensure MR diff exists before codeowner check. +- Apply CODEOWNERS validations to web requests. +- Prevent unauthorized access to default branch. +- Do not return private project ID without permission. +- Fix doorkeeper CVE-2020-10187. +- Change GitHub service integration token input to password. +- Return only safe urls for mirrors. +- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads. + + ## 12.10.1 (2020-04-24) ### Fixed (5 changes) @@ -463,6 +477,21 @@ entry. - Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar) +## 12.9.5 (2020-04-30) + +### Security (9 changes) + +- Ensure MR diff exists before codeowner check. +- Apply CODEOWNERS validations to web requests. +- Prevent unauthorized access to default branch. +- Do not return private project ID without permission. +- Fix doorkeeper CVE-2020-10187. +- Prevent ES credentials leak. +- Change GitHub service integration token input to password. +- Return only safe urls for mirrors. +- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads. + + ## 12.9.4 (2020-04-16) - No changes. @@ -981,6 +1010,19 @@ entry. - Improvement in token reference. +## 12.8.10 (2020-04-30) + +### Security (7 changes) + +- Ensure MR diff exists before codeowner check. +- Prevent unauthorized access to default branch. +- Do not return private project ID without permission. +- Fix doorkeeper CVE-2020-10187. +- Prevent ES credentials leak. +- Return only safe urls for mirrors. +- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads. + + ## 12.8.9 (2020-04-14) ### Security (3 changes) |
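Review bot: The 12.10.2 section (first hunk) has no "Prevent ES credentials leak." entry, although the 12.9.5 and 12.8.10 sections added in this same change both list it. The header count "Security (8 changes)" matches the eight bullets, so the list is internally consistent, but nothing in the hunk tells a reader whether 12.10.x is unaffected, was fixed earlier, or is still missing the fix. If the omission is intentional, a short note in the release notes would save operators on 12.10.1 from guessing; if it is an oversight, add the entry and bump the count to 9.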
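Review bot: In the 12.9.5 section (second hunk), none of the nine security bullets carries a merge request reference, while the unchanged context line directly above ends in "!29581 (Sashi Kumar)". That may be deliberate for fixes developed in private, but it leaves entries such as "Prevent unauthorized access to default branch." and "Return only safe urls for mirrors." hard to map to an advisory. "Fix doorkeeper CVE-2020-10187." is the only bullet with a trackable identifier; consider linking the others to their advisories or issues once they are public. Minor style point: "urls" would read better as "URLs".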
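Review bot: The 12.8.10 section (third hunk) lists seven bullets and omits two that appear in both 12.10.2 and 12.9.5: "Apply CODEOWNERS validations to web requests." and "Change GitHub service integration token input to password." The count "Security (7 changes)" matches what is listed, so this looks like a backport decision rather than a typo, but the changelog does not say whether 12.8 is unaffected by those two issues or whether the fixes were simply not backported. Please confirm which it is, since anyone staying on the 12.8 line will read this list as the complete set of fixes they need.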