Update CHANGELOG.md for 12.6.2

[ci skip]

CHANGELOG.md

@@ -2,6 +2,18 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.6.2
+
+### Security (6 changes)
+
+- GraphQL: Add timeout to all queries.
+- Filter out notification settings for projects that a user does not have at least read access.
+- Hide project name and path when unsusbcribing from an issue or merge request.
+- Fix 500 error caused by invalid byte sequences in uploads links.
+- Return only runners from groups where user is owner for user CI owned runners.
+- Fix Vulnerability of Release Evidence.
+
+
 ## 12.6.1
 
 ### Fixed (2 changes)

changelogs/unreleased/security-11-graphql-timeout.yml

----
-title: 'GraphQL: Add timeout to all queries'
-merge_request:
-author:
-type: security

changelogs/unreleased/security-29983-private-project-name-exposed.yml

----
-title: Filter out notification settings for projects that a user does not have at least read access
-merge_request:
-author:
-type: security

changelogs/unreleased/security-34072-project-name-disclosed.yml

----
-title: Hide project name and path when unsusbcribing from an issue or merge request
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-invalid-byte-sequence-upload-links-master.yml

----
-title: Fix 500 error caused by invalid byte sequences in uploads links
-merge_request:
-author:
-type: security

changelogs/unreleased/security-master-mc-api-runner-owner-permissions.yml

----
-title: Return only runners from groups where user is owner for user CI owned runners.
-merge_request:
-author:
-type: security

changelogs/unreleased/security-vulnerable-evidence-12-7.yml

----
-title: Fix Vulnerability of Release Evidence
-merge_request:
-author:
-type: security