Update CHANGELOG.md for 12.4.1
[ci skip]
This commit is contained in:
parent
c4edbefa45
commit
1cffa11714
1 changed files with 18 additions and 0 deletions
18
CHANGELOG.md
18
CHANGELOG.md
|
@ -2,6 +2,24 @@
|
|||
documentation](doc/development/changelog.md) for instructions on adding your own
|
||||
entry.
|
||||
|
||||
## 12.4.1
|
||||
|
||||
### Security (12 changes)
|
||||
|
||||
- Standardize error response when route is missing.
|
||||
- Do not display project labels that are not visible for user accessing group labels.
|
||||
- Show cross-referenced label and milestones in issues' activities only to authorized users.
|
||||
- Analyze incoming GraphQL queries and check for recursion.
|
||||
- Disallow unprivileged users from commenting on private repository commits.
|
||||
- Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
|
||||
- Require Maintainer permission on group where project is transferred to.
|
||||
- Don't leak private members in project member autocomplete suggestions.
|
||||
- Return 404 on LFS request if project doesn't exist.
|
||||
- Mask sentry auth token in Error Tracking dashboard.
|
||||
- Fixes a Open Redirect issue in `InternalRedirect`.
|
||||
- Sanitize all wiki markup formats with GitLab sanitization pipelines.
|
||||
|
||||
|
||||
## 12.4.0
|
||||
|
||||
### Security (14 changes)
|
||||
|
|
Loading…
Reference in a new issue