author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-03-26 12:17:40 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-03-26 12:17:40 +0000 |
commit | e9aea5b25facd7ce56568a25cef537a9dbc83f28 (patch) | |
tree | 828eb275f9eb10148b051b9c420f54e5029d59ee | |
parent | 729e3765d5feb762df1ccfbc228a8dd4662aa3f9 (diff) | |
download | gitlab-ce-e9aea5b25facd7ce56568a25cef537a9dbc83f28.tar.gz |
Update CHANGELOG.md for 12.9.1
[ci skip]
-rw-r--r-- | CHANGELOG.md | 26 | ||||
-rw-r--r-- | changelogs/unreleased/212178-fix-authorized-keys-worker.yml | 5 |
2 files changed, 26 insertions, 5 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index cf9105114c0..f5d55efc24a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,32 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.9.1 (2020-03-26) + +### Security (16 changes) + +- Add permission check for pipeline status of MR. +- Ignore empty remote_id params from Workhorse accelerated uploads. +- External user can not create personal snippet through API. +- Prevent malicious entry for group name. +- Restrict mirroring changes to admins only when mirroring is disabled. +- Reject all container registry requests from blocked users. +- Deny localhost requests on fogbugz importer. +- Redact notes in moved confidential issues. +- Fix UploadRewriter Path Traversal vulnerability. +- Block hotlinking to repository archives. +- Restrict access to project pipeline metrics reports. +- vulnerability_feedback records should be restricted to a dev role and above. +- Exclude Carrierwave remote URL methods from import. +- Update Nokogiri to fix CVE-2020-7595. +- Prevent updating trigger by other maintainers. +- Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown. + +### Fixed (1 change) + +- Fix updating the authorized_keys file. !27798 + + ## 12.9.0 (2020-03-22) ### Security (1 change) diff --git a/changelogs/unreleased/212178-fix-authorized-keys-worker.yml b/changelogs/unreleased/212178-fix-authorized-keys-worker.yml deleted file mode 100644 index a95f2e0e71a..00000000000 --- a/changelogs/unreleased/212178-fix-authorized-keys-worker.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix updating the authorized_keys file -merge_request: 27798 -author: -type: fixed |
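Review bot: None of the 16 entries under `### Security (16 changes)` in the CHANGELOG.md hunk carries a merge request reference, while the single Fixed entry ends in `!27798`. If the omission is deliberate for security fixes, say so in the changelog guidelines; otherwise add the references so each entry can be traced to its change. Two wording points in the same list: "vulnerability_feedback records should be restricted to a dev role and above." starts lowercase and leaves the identifier unquoted, unlike `admin/email` in the last entry, and "External user can not create personal snippet through API." reads as a description of behaviour rather than of a change. Something like "Prevent external users from creating personal snippets through the API." would match the imperative style of the neighbouring entries.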
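Review bot: Only `changelogs/unreleased/212178-fix-authorized-keys-worker.yml` is deleted in this commit, which accounts for the one Fixed entry but not for the 16 Security entries added to CHANGELOG.md alongside it. Worth confirming that the source entries for the security changes are cleaned up elsewhere, so that a later changelog run does not pick them up a second time.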