diff options
| author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-11-26 17:12:48 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-11-26 17:12:48 +0000 |
| commit | dcc08c0d671893702bed7a9346982a2586c77d8f (patch) | |
| tree | 474158c58ab4306b024b3e6816ced902175655e0 | |
| parent | 1fdceefabdb551523502dd79dc0e0eb67e96e520 (diff) | |
| download | gitlab-ce-dcc08c0d671893702bed7a9346982a2586c77d8f.tar.gz | |
Update CHANGELOG.md for 12.3.7
[ci skip]
10 files changed, 15 insertions, 46 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 0f3c30f6044..1aee61808c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,21 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.3.7 + +### Security (9 changes) + +- Check permissions before showing a forked project's source. +- Encrypt application setting tokens. +- Update Workhorse and Gitaly to fix a security issue. +- Hide commit counts from guest users in Cycle Analytics. +- Limit potential for DNS rebind SSRF in chat notifications. +- Fix 500 error caused by invalid byte sequences in links. +- Ensure are cleaned by ImportExport::AttributeCleaner. +- Remove notes regarding Related Branches from Issue activity feeds for guest users. +- Escape namespace in label references to prevent XSS. + + ## 12.3.6 ### Security (15 changes) diff --git a/changelogs/unreleased/security-28802-respect-fork-parent-visibility-ee.yml b/changelogs/unreleased/security-28802-respect-fork-parent-visibility-ee.yml deleted file mode 100644 index 8872b73a0cc..00000000000 --- a/changelogs/unreleased/security-28802-respect-fork-parent-visibility-ee.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Check permissions before showing a forked project's source -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-2943-encrypt-plaintext-tokens.yml b/changelogs/unreleased/security-2943-encrypt-plaintext-tokens.yml deleted file mode 100644 index d040565da73..00000000000 --- a/changelogs/unreleased/security-2943-encrypt-plaintext-tokens.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Encrypt application setting tokens -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-29660-update-dependencies-12-3-ee.yml b/changelogs/unreleased/security-29660-update-dependencies-12-3-ee.yml deleted file mode 100644 index 283d951e69e..00000000000 --- a/changelogs/unreleased/security-29660-update-dependencies-12-3-ee.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update Workhorse and Gitaly to fix a security issue -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml b/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml deleted file mode 100644 index c7a3b8923cd..00000000000 --- a/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Hide commit counts from guest users in Cycle Analytics. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-dns-rebind-ssrf-in-slack-notifications.yml b/changelogs/unreleased/security-dns-rebind-ssrf-in-slack-notifications.yml deleted file mode 100644 index 5f9713ef844..00000000000 --- a/changelogs/unreleased/security-dns-rebind-ssrf-in-slack-notifications.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Limit potential for DNS rebind SSRF in chat notifications -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml b/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml deleted file mode 100644 index c84cebdcca0..00000000000 --- a/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix 500 error caused by invalid byte sequences in links -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-exclude_ids_attribute_cleaning.yml b/changelogs/unreleased/security-exclude_ids_attribute_cleaning.yml deleted file mode 100644 index 08fc1393f20..00000000000 --- a/changelogs/unreleased/security-exclude_ids_attribute_cleaning.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Ensure are cleaned by ImportExport::AttributeCleaner -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml b/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml deleted file mode 100644 index 78d87ef37a5..00000000000 --- a/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Remove notes regarding Related Branches from Issue activity feeds for guest - users -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fix-xss-in-label-namespace.yml b/changelogs/unreleased/security-fix-xss-in-label-namespace.yml deleted file mode 100644 index 342cf3e68cb..00000000000 --- a/changelogs/unreleased/security-fix-xss-in-label-namespace.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Escape namespace in label references to prevent XSS -merge_request: -author: -type: security |