From a75d7c48aa80da0f3d8a027537fce6351a36928b Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 26 Sep 2019 23:06:22 +0000 Subject: Update CHANGELOG.md for 12.1.12 [ci skip] --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index a6d0da2b67f..68c0f0e6255 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -631,6 +631,23 @@ entry. - Update Packer.gitlab-ci.yml to use latest image. (Kelly Hair) +## 12.1.12 + +### Security (11 changes) + +- Add a policy check for system notes that may not be visible due to cross references to private items. +- Display only participants that user has permission to see on milestone page. +- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings. +- Fix new project path being disclosed through unsubscribe link of issue/merge requests. +- Prevent bypassing email verification using Salesforce. +- Do not show resource label events referencing not accessible labels. +- Cancel all running CI jobs triggered by the user who is just blocked. +- Fix Gitaly SearchBlobs flag RPC injection. +- Only render fixed number of mermaid blocks. +- Prevent GitLab accounts takeover if SAML is configured. +- Upgrade mermaid to prevent XSS. + + ## 12.1.10 - No changes. -- cgit v1.2.1