summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2019-11-26 17:12:51 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2019-11-26 17:12:51 +0000
commit7278d3f14262a093ce700db2da5ded6a6ade17f7 (patch)
tree233db22f51cb5cbb53a08279967b8c6ae0fee30e /CHANGELOG.md
parentdfac6800795f87717bf96adf9641e8cec0c241ad (diff)
downloadgitlab-ce-7278d3f14262a093ce700db2da5ded6a6ade17f7.tar.gz
Update CHANGELOG.md for 12.3.7
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md15
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5c51f879b4f..1c71567317b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -735,6 +735,21 @@ entry.
- Remove Postgresql specific setup tasks and move to schema.rb.
+## 12.3.7
+
+### Security (9 changes)
+
+- Check permissions before showing a forked project's source.
+- Encrypt application setting tokens.
+- Update Workhorse and Gitaly to fix a security issue.
+- Hide commit counts from guest users in Cycle Analytics.
+- Limit potential for DNS rebind SSRF in chat notifications.
+- Fix 500 error caused by invalid byte sequences in links.
+- Ensure are cleaned by ImportExport::AttributeCleaner.
+- Remove notes regarding Related Branches from Issue activity feeds for guest users.
+- Escape namespace in label references to prevent XSS.
+
+
## 12.3.4
### Fixed (2 changes)