Merge remote-tracking branch 'dev/master'
This commit is contained in:
commit
adafb996ef
42
CHANGELOG.md
42
CHANGELOG.md
|
@ -2,6 +2,20 @@
|
|||
documentation](doc/development/changelog.md) for instructions on adding your own
|
||||
entry.
|
||||
|
||||
## 12.10.2 (2020-04-30)
|
||||
|
||||
### Security (8 changes)
|
||||
|
||||
- Ensure MR diff exists before codeowner check.
|
||||
- Apply CODEOWNERS validations to web requests.
|
||||
- Prevent unauthorized access to default branch.
|
||||
- Do not return private project ID without permission.
|
||||
- Fix doorkeeper CVE-2020-10187.
|
||||
- Change GitHub service integration token input to password.
|
||||
- Return only safe urls for mirrors.
|
||||
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
|
||||
|
||||
|
||||
## 12.10.1 (2020-04-24)
|
||||
|
||||
### Fixed (5 changes)
|
||||
|
@ -463,6 +477,21 @@ entry.
|
|||
- Remove store_mentions! in Snippets::CreateService. !29581 (Sashi Kumar)
|
||||
|
||||
|
||||
## 12.9.5 (2020-04-30)
|
||||
|
||||
### Security (9 changes)
|
||||
|
||||
- Ensure MR diff exists before codeowner check.
|
||||
- Apply CODEOWNERS validations to web requests.
|
||||
- Prevent unauthorized access to default branch.
|
||||
- Do not return private project ID without permission.
|
||||
- Fix doorkeeper CVE-2020-10187.
|
||||
- Prevent ES credentials leak.
|
||||
- Change GitHub service integration token input to password.
|
||||
- Return only safe urls for mirrors.
|
||||
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
|
||||
|
||||
|
||||
## 12.9.4 (2020-04-16)
|
||||
|
||||
- No changes.
|
||||
|
@ -981,6 +1010,19 @@ entry.
|
|||
- Improvement in token reference.
|
||||
|
||||
|
||||
## 12.8.10 (2020-04-30)
|
||||
|
||||
### Security (7 changes)
|
||||
|
||||
- Ensure MR diff exists before codeowner check.
|
||||
- Prevent unauthorized access to default branch.
|
||||
- Do not return private project ID without permission.
|
||||
- Fix doorkeeper CVE-2020-10187.
|
||||
- Prevent ES credentials leak.
|
||||
- Return only safe urls for mirrors.
|
||||
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
|
||||
|
||||
|
||||
## 12.8.9 (2020-04-14)
|
||||
|
||||
### Security (3 changes)
|
||||
|
|
Loading…
Reference in New Issue