diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-20 12:52:10 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-20 12:52:10 +0000 |
commit | dba864470fbcbb6bdd5b94eb510acdce62c962d8 (patch) | |
tree | e8ead0b84e7b814f5891d2c8cd3db2d6b635fb64 /CHANGELOG.md | |
parent | b7d29500f28ff59c8898cdf889a40d3da908f162 (diff) | |
download | gitlab-ce-dba864470fbcbb6bdd5b94eb510acdce62c962d8.tar.gz |
Add latest changes from gitlab-org/gitlab@12-8-stable-ee
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 86 |
1 files changed, 68 insertions, 18 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index eb47b8aaefe..3ca1b6b9f7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,13 +2,6 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. -## 12.7.6 - -### Security (1 change) - -- Fix ProjectAuthorization calculation for shared groups. - - ## 12.7.5 ### Fixed (4 changes, 1 of them is from the community) @@ -19,13 +12,6 @@ entry. - Remove invalid data from issue_tracker_data table. -## 12.7.4 - -### Security (1 change) - -- Update workhorse to v8.20.0. - - ## 12.7.3 ### Security (17 changes, 1 of them is from the community) @@ -49,10 +35,6 @@ entry. - Add workhorse request verification to package upload endpoints. -## 12.7.2 - -- No changes. - ## 12.7.1 ### Fixed (6 changes) @@ -387,6 +369,45 @@ entry. - Update the Net-LDAP gem to 0.16.2. +## 12.6.7 + +### Security (1 change) + +- Fix ProjectAuthorization calculation for shared groups. + + +## 12.6.6 + +### Security (1 change) + +- Update workhorse to v8.20.0. + + +## 12.6.5 + +### Security (19 changes, 1 of them is from the community) + +- Update rack-cors to 1.0.6. +- Update rdoc to 6.1.2. +- Bump rubyzip to 2.0.0. (Utkarsh Gupta) +- Cleanup todos for users from a removed linked group. +- Disable access to last_pipeline in commits API for users without read permissions. +- Add constraint to group dependency proxy endpoint param. +- Limit number of AsciiDoc includes per document. +- Prevent API access for unconfirmed users. +- Enforce permission check when counting activity events. +- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. +- Fix xss on frequent groups dropdown. +- Fix XSS vulnerability on custom project templates form. +- Protect internal CI builds from external overrides. +- ImportExport::ExportService to require admin_project permission. +- Make sure that only system notes where all references are visible to user are exposed in GraphQL API. +- Disable caching of repository/files/:file_path/raw API endpoint. +- Make cross-repository comparisons happen in the source repository. +- Update excon to 0.71.1 to fix CVE-2019-16779. +- Add workhorse request verification to package upload endpoints. + + ## 12.6.4 ### Security (1 change) @@ -807,6 +828,35 @@ entry. - Replace Font Awesome bullhorn icon with GitLab bullhorn icon. +## 12.5.8 + +### Security (19 changes, 1 of them is from the community) + +- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. +- Update rdoc to 6.1.2. +- Bump rubyzip to 2.0.0. (Utkarsh Gupta) +- Cleanup todos for users from a removed linked group. +- Disable access to last_pipeline in commits API for users without read permissions. +- Add constraint to group dependency proxy endpoint param. +- Limit number of AsciiDoc includes per document. +- Prevent API access for unconfirmed users. +- Enforce permission check when counting activity events. +- Update rack-cors to 1.0.6. +- Fix xss on frequent groups dropdown. +- Fix XSS vulnerability on custom project templates form. +- Protect internal CI builds from external overrides. +- ImportExport::ExportService to require admin_project permission. +- Make sure that only system notes where all references are visible to user are exposed in GraphQL API. +- Disable caching of repository/files/:file_path/raw API endpoint. +- Make cross-repository comparisons happen in the source repository. +- Update excon to 0.71.1 to fix CVE-2019-16779. +- Add workhorse request verification to package upload endpoints. + +### Changed (1 change, 1 of them is from the community) + +- Add template repository usage to the usage ping. !20126 (minghuan lei) + + ## 12.5.5 ### Security (1 change) |