summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2019-09-30 15:08:09 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-09-30 15:08:09 +0000
commit538fff823de57d1ba5317961aa43091de9dc007f (patch)
treec741665b338cc0d51ce5f73f5671e5eee8e69349 /CHANGELOG.md
parent3692e9f8a23386c627942ca2a9edd8c00af7e904 (diff)
downloadgitlab-ce-538fff823de57d1ba5317961aa43091de9dc007f.tar.gz
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md10
1 files changed, 7 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a4c2fab541..c2ffec09cb2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,16 +4,18 @@ entry.
## 12.3.2
-### Security (10 changes)
+### Security (12 changes)
- Fix Gitaly SearchBlobs flag RPC injection.
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Check permissions before showing head pipeline blocking merge requests.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
- Cancel all running CI jobs triggered by the user who is just blocked.
+- Fix Gitaly SearchBlobs flag RPC injection.
- Only render fixed number of mermaid blocks.
- Prevent GitLab accounts takeover if SAML is configured.
@@ -299,11 +301,12 @@ entry.
## 12.2.6
-### Security (10 changes)
+### Security (11 changes)
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Check permissions before showing head pipeline blocking merge requests.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
@@ -633,11 +636,12 @@ entry.
## 12.1.12
-### Security (11 changes)
+### Security (12 changes)
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Check permissions before showing head pipeline blocking merge requests.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.