Update CHANGELOG.md for 12.1.12
[ci skip]
This commit is contained in:
GitLab Release Tools Bot
Yorick Peterse
parent
1141cdbf81
commit
1b4dd9c56a
1 changed files with 17 additions and 0 deletions
17
CHANGELOG.md
17
CHANGELOG.md
|
|
@ -631,6 +631,23 @@ entry.
|
|||
- Update Packer.gitlab-ci.yml to use latest image. (Kelly Hair)
|
||||
|
||||
|
||||
## 12.1.12
|
||||
|
||||
### Security (11 changes)
|
||||
|
||||
- Add a policy check for system notes that may not be visible due to cross references to private items.
|
||||
- Display only participants that user has permission to see on milestone page.
|
||||
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
|
||||
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
|
||||
- Prevent bypassing email verification using Salesforce.
|
||||
- Do not show resource label events referencing not accessible labels.
|
||||
- Cancel all running CI jobs triggered by the user who is just blocked.
|
||||
- Fix Gitaly SearchBlobs flag RPC injection.
|
||||
- Only render fixed number of mermaid blocks.
|
||||
- Prevent GitLab accounts takeover if SAML is configured.
|
||||
- Upgrade mermaid to prevent XSS.
|
||||
|
||||
|
||||
## 12.1.10
|
||||
|
||||
- No changes.
|
||||
|
|
|
|||
Loading…
Reference in a new issue