Merge remote-tracking branch 'dev/master'
This commit is contained in:
commit
42ca24aa5b
27
CHANGELOG.md
27
CHANGELOG.md
|
@ -2,6 +2,33 @@
|
||||||
documentation](doc/development/changelog.md) for instructions on adding your own
|
documentation](doc/development/changelog.md) for instructions on adding your own
|
||||||
entry.
|
entry.
|
||||||
|
|
||||||
|
## 12.8.2
|
||||||
|
|
||||||
|
### Security (17 changes)
|
||||||
|
|
||||||
|
- Update container registry authentication to account for login request when checking permissions.
|
||||||
|
- Update ProjectAuthorization when deleting or updating GroupGroupLink.
|
||||||
|
- Prevent an endless checking loop for two merge requests targeting each other.
|
||||||
|
- Update user 2fa when accepting a group invite.
|
||||||
|
- Fix for XSS in branch names.
|
||||||
|
- Prevent directory traversal through FileUploader.
|
||||||
|
- Run project badge images through the asset proxy.
|
||||||
|
- Check merge requests read permissions before showing them in the pipeline widget.
|
||||||
|
- Respect member access level for group shares.
|
||||||
|
- Remove OID filtering during LFS imports.
|
||||||
|
- Protect against denial of service using pipeline webhook recursion.
|
||||||
|
- Expire account confirmation token.
|
||||||
|
- Prevent XSS in admin grafana URL setting.
|
||||||
|
- Don't require base_sha in DiffRefsType.
|
||||||
|
- Sanitize output by dependency linkers.
|
||||||
|
- Recalculate ProjectAuthorizations for all users.
|
||||||
|
- Escape special chars in Sentry error header.
|
||||||
|
|
||||||
|
### Other (1 change, 1 of them is from the community)
|
||||||
|
|
||||||
|
- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
|
||||||
|
|
||||||
|
|
||||||
## 12.8.1
|
## 12.8.1
|
||||||
|
|
||||||
### Fixed (5 changes)
|
### Fixed (5 changes)
|
||||||
|
|
Loading…
Reference in New Issue