Commit 1b4dd9c5 authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot Committed by Yorick Peterse

Update CHANGELOG.md for 12.1.12

[ci skip]
parent 1141cdbf
......@@ -631,6 +631,23 @@ entry.
- Update Packer.gitlab-ci.yml to use latest image. (Kelly Hair)
## 12.1.12
### Security (11 changes)
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
- Cancel all running CI jobs triggered by the user who is just blocked.
- Fix Gitaly SearchBlobs flag RPC injection.
- Only render fixed number of mermaid blocks.
- Prevent GitLab accounts takeover if SAML is configured.
- Upgrade mermaid to prevent XSS.
## 12.1.10
- No changes.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment