Update CHANGELOG.md for 12.10.2

[ci skip]
parent 20444f9b
...@@ -2,6 +2,20 @@ ...@@ -2,6 +2,20 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 12.10.2 (2020-04-30)
### Security (8 changes)
- Ensure MR diff exists before codeowner check.
- Apply CODEOWNERS validations to web requests.
- Prevent unauthorized access to default branch.
- Do not return private project ID without permission.
- Fix doorkeeper CVE-2020-10187.
- Change GitHub service integration token input to password.
- Return only safe urls for mirrors.
- Validate workhorse 'rewritten_fields' and properly use them during multipart uploads.
## 12.10.1 (2020-04-24) ## 12.10.1 (2020-04-24)
### Fixed (5 changes) ### Fixed (5 changes)
......
---
title: Ensure MR diff exists before codeowner check
merge_request:
author:
type: security
---
title: Apply CODEOWNERS validations to web requests
merge_request:
author:
type: security
---
title: Prevent unauthorized access to default branch
merge_request:
author:
type: security
---
title: Do not return private project ID without permission
merge_request:
author:
type: security
---
title: Fix doorkeeper CVE-2020-10187
merge_request:
author:
type: security
---
title: Change GitHub service integration token input to password
merge_request:
author:
type: security
---
title: Return only safe urls for mirrors
merge_request:
author:
type: security
---
title: Validate workhorse 'rewritten_fields' and properly use them during multipart
uploads
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment