Skip to content

G
gitlab-ce
Commit fa496b64 authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot
Browse files
Options

Update CHANGELOG.md for 12.3.2 

[ci skip]
parent 40a93ab0
Hide whitespace changes
Inline Side-by-side
Showing with 16 additions and 53 deletions
CHANGELOG.md
View file @ fa496b64
......@@ -2,6 +2,22 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 12.3.2
### Security (10 changes)
- Fix Gitaly SearchBlobs flag RPC injection.
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
- Cancel all running CI jobs triggered by the user who is just blocked.
- Only render fixed number of mermaid blocks.
- Prevent GitLab accounts takeover if SAML is configured.
## 12.3.1
### Fixed (4 changes)
......
changelogs/unreleased/12-3-stable.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Fix Gitaly SearchBlobs flag RPC injection
merge_request:
author:
type: security
changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Add a policy check for system notes that may not be visible due to cross references
to private items
merge_request:
author:
type: security
changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Display only participants that user has permission to see on milestone page
merge_request:
author:
type: security
changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Do not disclose project milestones on group milestones page when project milestones
access is disabled in project settings
merge_request:
author:
type: security
changelogs/unreleased/security-64938-dont-disclose-path.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Fix new project path being disclosed through unsubscribe link of issue/merge
requests
merge_request:
author:
type: security
changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Prevent bypassing email verification using Salesforce
merge_request:
author:
type: security
changelogs/unreleased/security-cross-reference-fix.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Do not show resource label events referencing not accessible labels.
merge_request:
author:
type: security
changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Cancel all running CI jobs triggered by the user who is just blocked
merge_request:
author:
type: security
changelogs/unreleased/security-mermaid-block.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Only render fixed number of mermaid blocks
merge_request:
author:
type: security
changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml deleted 100644 → 0
View file @ 40a93ab0
---
title: Prevent GitLab accounts takeover if SAML is configured
merge_request:
author:
type: security
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7