Update CHANGELOG.md for 12.3.7

[ci skip]
2019-11-26 17:12:51 +00:00 · 2019-11-26 17:12:51 +00:00 · 7278d3f142
commit 7278d3f142
parent dfac680079
9 changed files with 15 additions and 41 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -735,6 +735,21 @@ entry.
 - Remove Postgresql specific setup tasks and move to schema.rb.


+## 12.3.7
+
+### Security (9 changes)
+
+- Check permissions before showing a forked project's source.
+- Encrypt application setting tokens.
+- Update Workhorse and Gitaly to fix a security issue.
+- Hide commit counts from guest users in Cycle Analytics.
+- Limit potential for DNS rebind SSRF in chat notifications.
+- Fix 500 error caused by invalid byte sequences in links.
+- Ensure are cleaned by ImportExport::AttributeCleaner.
+- Remove notes regarding Related Branches from Issue activity feeds for guest users.
+- Escape namespace in label references to prevent XSS.
+
+
 ## 12.3.4

 ### Fixed (2 changes)
--- a/changelogs/unreleased/security-28802-respect-fork-parent-visibility-ee.yml
+++ b/changelogs/unreleased/security-28802-respect-fork-parent-visibility-ee.yml
@ -1,5 +0,0 @@
---
-title: Check permissions before showing a forked project's source
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-2943-encrypt-plaintext-tokens.yml
+++ b/changelogs/unreleased/security-2943-encrypt-plaintext-tokens.yml
@ -1,5 +0,0 @@
---
-title: Encrypt application setting tokens
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
+++ b/changelogs/unreleased/security-ag-cycle-analytics-guest-permissions.yml
@ -1,5 +0,0 @@
---
-title: Hide commit counts from guest users in Cycle Analytics.
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-dns-rebind-ssrf-in-slack-notifications.yml
+++ b/changelogs/unreleased/security-dns-rebind-ssrf-in-slack-notifications.yml
@ -1,5 +0,0 @@
---
-title: Limit potential for DNS rebind SSRF in chat notifications
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml
+++ b/changelogs/unreleased/security-dos-issue-and-commit-comments-master.yml
@ -1,5 +0,0 @@
---
-title: Fix 500 error caused by invalid byte sequences in links
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-exclude_ids_attribute_cleaning.yml
+++ b/changelogs/unreleased/security-exclude_ids_attribute_cleaning.yml
@ -1,5 +0,0 @@
---
-title: Ensure are cleaned by ImportExport::AttributeCleaner
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml
+++ b/changelogs/unreleased/security-filter-related-branches-from-activity-feed.yml
@ -1,6 +0,0 @@
---
-title: Remove notes regarding Related Branches from Issue activity feeds for guest
-  users
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fix-xss-in-label-namespace.yml
+++ b/changelogs/unreleased/security-fix-xss-in-label-namespace.yml
@ -1,5 +0,0 @@
---
-title: Escape namespace in label references to prevent XSS
-merge_request:
-author:
-type: security