summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2019-09-26 23:06:22 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2019-09-26 23:06:22 +0000
commita75d7c48aa80da0f3d8a027537fce6351a36928b (patch)
tree5474498a4d27a014b13c0484a600d2f7465a1958 /CHANGELOG.md
parentdded7f0f4079ee3574a172ad7773e0e453c9ef46 (diff)
downloadgitlab-ce-a75d7c48aa80da0f3d8a027537fce6351a36928b.tar.gz
Update CHANGELOG.md for 12.1.12
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md17
1 files changed, 17 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a6d0da2b67f..68c0f0e6255 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -631,6 +631,23 @@ entry.
- Update Packer.gitlab-ci.yml to use latest image. (Kelly Hair)
+## 12.1.12
+
+### Security (11 changes)
+
+- Add a policy check for system notes that may not be visible due to cross references to private items.
+- Display only participants that user has permission to see on milestone page.
+- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
+- Prevent bypassing email verification using Salesforce.
+- Do not show resource label events referencing not accessible labels.
+- Cancel all running CI jobs triggered by the user who is just blocked.
+- Fix Gitaly SearchBlobs flag RPC injection.
+- Only render fixed number of mermaid blocks.
+- Prevent GitLab accounts takeover if SAML is configured.
+- Upgrade mermaid to prevent XSS.
+
+
## 12.1.10
- No changes.