diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-04-30 14:24:14 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-04-30 14:24:14 +0000 |
commit | b44c16511571f1f6ee9f1c9bde468b6bbfffbc91 (patch) | |
tree | 92795a42e3e511b3e430ef4396a734b4e006f335 | |
parent | 62a87135ad5e07e766161abc701703aa353ae845 (diff) | |
download | gitlab-ce-b44c16511571f1f6ee9f1c9bde468b6bbfffbc91.tar.gz |
Update CHANGELOG.md for 12.8.10
[ci skip]
-rw-r--r-- | CHANGELOG.md | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 9ae7ef425e7..c12ef304111 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1010,6 +1010,19 @@ entry. - Improvement in token reference. +## 12.8.10 (2020-04-30) + +### Security (7 changes) + +- Ensure MR diff exists before codeowner check. +- Prevent unauthorized access to default branch. +- Do not return private project ID without permission. +- Fix doorkeeper CVE-2020-10187. +- Prevent ES credentials leak. +- Return only safe urls for mirrors. +- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads. + + ## 12.8.9 (2020-04-14) ### Security (3 changes) |