Update CHANGELOG.md for 12.4.1

[ci skip]
parent 8b69a396
...@@ -2,6 +2,24 @@ ...@@ -2,6 +2,24 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 12.4.1
### Security (12 changes)
- Standardize error response when route is missing.
- Do not display project labels that are not visible for user accessing group labels.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
- Analyze incoming GraphQL queries and check for recursion.
- Disallow unprivileged users from commenting on private repository commits.
- Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
- Require Maintainer permission on group where project is transferred to.
- Don't leak private members in project member autocomplete suggestions.
- Return 404 on LFS request if project doesn't exist.
- Mask sentry auth token in Error Tracking dashboard.
- Fixes a Open Redirect issue in `InternalRedirect`.
- Sanitize all wiki markup formats with GitLab sanitization pipelines.
## 12.4.0 ## 12.4.0
### Security (14 changes) ### Security (14 changes)
......
---
title: Standardize error response when route is missing
merge_request:
author:
type: security
---
title: Do not display project labels that are not visible for user accessing group labels
merge_request:
author:
type: security
---
title: Show cross-referenced label and milestones in issues' activities only to authorized users
merge_request:
author:
type: security
---
title: Analyze incoming GraphQL queries and check for recursion
merge_request:
author:
type: security
---
title: Disallow unprivileged users from commenting on private repository commits
merge_request:
author:
type: security
---
title: Don't allow maintainers of a target project to delete the source branch of
a merge request from a fork
merge_request:
author:
type: security
---
title: Require Maintainer permission on group where project is transferred to
merge_request:
author:
type: security
---
title: "Don't leak private members in project member autocomplete suggestions"
type: security
---
title: Return 404 on LFS request if project doesn't exist
merge_request:
author:
type: security
---
title: Mask sentry auth token in Error Tracking dashboard
author:
type: security
---
title: Fixes a Open Redirect issue in `InternalRedirect`.
merge_request:
author:
type: security
---
title: Sanitize all wiki markup formats with GitLab sanitization pipelines
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment