diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-30 15:14:17 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-30 15:14:17 +0000 |
commit | 3fe9588b1c1c4fb58f8ba8e9c27244fc2fc1c103 (patch) | |
tree | d19448d010ff9d58fed14846736ee358fb6b3327 /CHANGELOG.md | |
parent | ad8eea383406037a207c80421e6e4bfa357f8044 (diff) | |
download | gitlab-ce-3fe9588b1c1c4fb58f8ba8e9c27244fc2fc1c103.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 16a36724b4f..64f7957860c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,11 +4,12 @@ entry. ## 12.4.1 -### Security (12 changes) +### Security (14 changes) - Standardize error response when route is missing. - Do not display project labels that are not visible for user accessing group labels. - Show cross-referenced label and milestones in issues' activities only to authorized users. +- Show cross-referenced label and milestones in issues' activities only to authorized users. - Analyze incoming GraphQL queries and check for recursion. - Disallow unprivileged users from commenting on private repository commits. - Don't allow maintainers of a target project to delete the source branch of a merge request from a fork. @@ -17,6 +18,7 @@ entry. - Return 404 on LFS request if project doesn't exist. - Mask sentry auth token in Error Tracking dashboard. - Fixes a Open Redirect issue in `InternalRedirect`. +- Remove deploy access level when project/group link is deleted. - Sanitize all wiki markup formats with GitLab sanitization pipelines. |