Update CHANGELOG.md for 12.4.4

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-11-26 22:07:49 +0000
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-11-26 22:07:49 +0000
commit: f220df53b6606e7e6699cc1073a6d2fa07ccdad1 (patch)
tree: 10de24fec10aa690c59b42516624f5356e5d55a0 /CHANGELOG.md
parent: 7278d3f14262a093ce700db2da5ded6a6ade17f7 (diff)
download: gitlab-ce-f220df53b6606e7e6699cc1073a6d2fa07ccdad1.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1c71567317b..bea21092b43 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -367,6 +367,21 @@ entry.
 - Change selects from default browser style to custom style.
 
 
+## 12.4.4
+
+### Security (9 changes)
+
+- Check permissions before showing a forked project's source.
+- Encrypt application setting tokens.
+- Update Workhorse and Gitaly to fix a security issue.
+- Hide commit counts from guest users in Cycle Analytics.
+- Limit potential for DNS rebind SSRF in chat notifications.
+- Fix 500 error caused by invalid byte sequences in links.
+- Ensure are cleaned by ImportExport::AttributeCleaner.
+- Remove notes regarding Related Branches from Issue activity feeds for guest users.
+- Escape namespace in label references to prevent XSS.
+
+
 ## 12.4.3
 
 ### Fixed (2 changes)
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-11-26 22:07:49 +0000
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-11-26 22:07:49 +0000
commit	f220df53b6606e7e6699cc1073a6d2fa07ccdad1 (patch)
tree	10de24fec10aa690c59b42516624f5356e5d55a0 /CHANGELOG.md
parent	7278d3f14262a093ce700db2da5ded6a6ade17f7 (diff)
download	gitlab-ce-f220df53b6606e7e6699cc1073a6d2fa07ccdad1.tar.gz