Update CHANGELOG.md for 12.9.5
[ci skip]
This commit is contained in:
parent
8fd8de4328
commit
62a87135ad
1 changed files with 15 additions and 0 deletions
15
CHANGELOG.md
15
CHANGELOG.md
|
@ -477,6 +477,21 @@ entry.
|
|||
- Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar)
|
||||
|
||||
|
||||
## 12.9.5 (2020-04-30)
|
||||
|
||||
### Security (9 changes)
|
||||
|
||||
- Ensure MR diff exists before codeowner check.
|
||||
- Apply CODEOWNERS validations to web requests.
|
||||
- Prevent unauthorized access to default branch.
|
||||
- Do not return private project ID without permission.
|
||||
- Fix doorkeeper CVE-2020-10187.
|
||||
- Prevent ES credentials leak.
|
||||
- Change GitHub service integration token input to password.
|
||||
- Return only safe urls for mirrors.
|
||||
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
|
||||
|
||||
|
||||
## 12.9.4 (2020-04-16)
|
||||
|
||||
- No changes.
|
||||
|
|
Loading…
Reference in a new issue