From da27da93b4ece9a44a04fdfb9cc2e3c3443b9576 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 26 Sep 2019 22:23:51 +0000 Subject: Update CHANGELOG.md for 12.3.2 [ci skip] --- CHANGELOG.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index f1a38a2625f..b71039316ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,22 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.3.2 + +### Security (10 changes) + +- Fix Gitaly SearchBlobs flag RPC injection. +- Add a policy check for system notes that may not be visible due to cross references to private items. +- Display only participants that user has permission to see on milestone page. +- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings. +- Fix new project path being disclosed through unsubscribe link of issue/merge requests. +- Prevent bypassing email verification using Salesforce. +- Do not show resource label events referencing not accessible labels. +- Cancel all running CI jobs triggered by the user who is just blocked. +- Only render fixed number of mermaid blocks. +- Prevent GitLab accounts takeover if SAML is configured. + + ## 12.3.1 ### Fixed (4 changes) -- cgit v1.2.1