Update CHANGELOG.md for 12.9.1

[ci skip]

Update CHANGELOG.md for 12.9.1
[ci skip]
e9aea5b2 · GitLab Release Tools Bot · 729e3765 · e9aea5b2 · 729e3765
Commit e9aea5b2 authored Mar 26, 2020 by GitLab Release Tools Bot
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 5 deletions

CHANGELOG.md CHANGELOG.md +26 -0

changelogs/unreleased/212178-fix-authorized-keys-worker.yml changelogs/unreleased/212178-fix-authorized-keys-worker.yml +0 -5

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,32 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 12.9.1 (2020-03-26)
+
+### Security (16 changes)
+
+- Add permission check for pipeline status of MR.
+- Ignore empty remote_id params from Workhorse accelerated uploads.
+- External user can not create personal snippet through API.
+- Prevent malicious entry for group name.
+- Restrict mirroring changes to admins only when mirroring is disabled.
+- Reject all container registry requests from blocked users.
+- Deny localhost requests on fogbugz importer.
+- Redact notes in moved confidential issues.
+- Fix UploadRewriter Path Traversal vulnerability.
+- Block hotlinking to repository archives.
+- Restrict access to project pipeline metrics reports.
+- vulnerability_feedback records should be restricted to a dev role and above.
+- Exclude Carrierwave remote URL methods from import.
+- Update Nokogiri to fix CVE-2020-7595.
+- Prevent updating trigger by other maintainers.
+- Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown.
+
+### Fixed (1 change)
+
+- Fix updating the authorized_keys file. !27798
+
+
 ## 12.9.0 (2020-03-22)

 ### Security (1 change)

--- a/changelogs/unreleased/212178-fix-authorized-keys-worker.yml
+++ b/changelogs/unreleased/212178-fix-authorized-keys-worker.yml
---
-title: Fix updating the authorized_keys file
-merge_request: 27798
-author:
-type: fixed