author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-04-30 14:21:17 +0000
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-04-30 14:21:17 +0000
commit: 62a87135ad5e07e766161abc701703aa353ae845
tree: f7e515f8715b234ab2eacd92dd7f09478838daca
parent: 8fd8de432813228da9f52a21854825c2edc32a8d
Update CHANGELOG.md for 12.9.5
[ci skip]
-rw-r--r-- CHANGELOG.md 15
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 223fadfba69..9ae7ef425e7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -477,6 +477,21 @@ entry.
- Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar)
+## 12.9.5 (2020-04-30)
+
+### Security (9 changes)
+
+- Ensure MR diff exists before codeowner check.
+- Apply CODEOWNERS validations to web requests.
+- Prevent unauthorized access to default branch.
+- Do not return private project ID without permission.
+- Fix doorkeeper CVE-2020-10187.
+- Prevent ES credentials leak.
+- Change GitHub service integration token input to password.
+- Return only safe urls for mirrors.
+- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
+
+
## 12.9.4 (2020-04-16)
- No changes.
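Review bot: none of the nine entries added under "### Security (9 changes)" carries a merge request reference, unlike the context line just above the hunk (which ends in "!29581"), and only "Fix doorkeeper CVE-2020-10187." names an identifier, so the other eight fixes cannot be traced from the changelog alone. Consider appending a reference to each entry once the underlying issues can be disclosed. Two wording points in the same block: "ES" in "Prevent ES credentials leak." is never expanded, so spell out the component so operators can tell whether their deployment is affected, and "urls" in "Return only safe urls for mirrors." should read "URLs".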