Update CHANGELOG.md for 12.8.10

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-04-30 14:24:14 +0000
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-04-30 14:24:14 +0000
commit: b44c16511571f1f6ee9f1c9bde468b6bbfffbc91 (patch)
tree: 92795a42e3e511b3e430ef4396a734b4e006f335
parent: 62a87135ad5e07e766161abc701703aa353ae845 (diff)
download: gitlab-ce-b44c16511571f1f6ee9f1c9bde468b6bbfffbc91.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9ae7ef425e7..c12ef304111 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1010,6 +1010,19 @@ entry.
 - Improvement in token reference.
 
 
+## 12.8.10 (2020-04-30)
+
+### Security (7 changes)
+
+- Ensure MR diff exists before codeowner check.
+- Prevent unauthorized access to default branch.
+- Do not return private project ID without permission.
+- Fix doorkeeper CVE-2020-10187.
+- Prevent ES credentials leak.
+- Return only safe urls for mirrors.
+- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
+
+
 ## 12.8.9 (2020-04-14)
 
 ### Security (3 changes)
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2020-04-30 14:24:14 +0000
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2020-04-30 14:24:14 +0000
commit	b44c16511571f1f6ee9f1c9bde468b6bbfffbc91 (patch)
tree	92795a42e3e511b3e430ef4396a734b4e006f335
parent	62a87135ad5e07e766161abc701703aa353ae845 (diff)
download	gitlab-ce-b44c16511571f1f6ee9f1c9bde468b6bbfffbc91.tar.gz