Update CHANGELOG.md for 12.9.5

[ci skip]
This commit is contained in:
GitLab Release Tools Bot 2020-04-30 14:21:17 +00:00
parent 8fd8de4328
commit 62a87135ad

View file

@ -477,6 +477,21 @@ entry.
- Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar)
## 12.9.5 (2020-04-30)
### Security (9 changes)
- Ensure MR diff exists before codeowner check.
- Apply CODEOWNERS validations to web requests.
- Prevent unauthorized access to default branch.
- Do not return private project ID without permission.
- Fix doorkeeper CVE-2020-10187.
- Prevent ES credentials leak.
- Change GitHub service integration token input to password.
- Return only safe urls for mirrors.
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
## 12.9.4 (2020-04-16)
- No changes.