Update CHANGELOG.md for 12.0.3

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-06-27 12:08:51 +0000
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-06-27 12:08:51 +0000
commit: dcca143e8b85593a6d93144f748f7e7df3af339d (patch)
tree: 43219e1efba0e82b2ea83851c4dd9d3b237d9f4a /CHANGELOG.md
parent: bb771faec6ad7288d4596bf681fd5fc82368bd7f (diff)
download: gitlab-ce-dcca143e8b85593a6d93144f748f7e7df3af339d.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4625685dc9a..f6a75cb74be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.0.3 (2019-06-27)
+
+### Security (10 changes)
+
+- Persist tmp snippet uploads at users.
+- Gate MR head_pipeline behind read_pipeline ability.
+- Fix DoS vulnerability in color validation regex.
+- Expose merge requests count based on user access.
+- Fix Denial of Service for comments when rendering issues/MR comments.
+- Add missing authorizations in GraphQL.
+- Disable Rails SQL query cache when applying service templates.
+- Prevent Billion Laughs attack.
+- Correctly check permissions when creating snippet notes.
+- Prevent the detection of merge request templates by unauthorized users.
+
+
 ## 12.0.2 (2019-06-25)
 
 ### Fixed (7 changes, 1 of them is from the community)
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-06-27 12:08:51 +0000
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-06-27 12:08:51 +0000
commit	dcca143e8b85593a6d93144f748f7e7df3af339d (patch)
tree	43219e1efba0e82b2ea83851c4dd9d3b237d9f4a /CHANGELOG.md
parent	bb771faec6ad7288d4596bf681fd5fc82368bd7f (diff)
download	gitlab-ce-dcca143e8b85593a6d93144f748f7e7df3af339d.tar.gz