Commit fe3e2efa authored by Marin Jankovski

Merge branch 'master' of dev.gitlab.org:gitlab/gitlab-ee

parents 968133bf 60ddd8fb
Please view this file on the master branch, on stable branches it's out of date.
## 12.7.3
- No changes.
## 12.7.1
### Fixed (1 change)
......@@ -95,6 +99,10 @@ Please view this file on the master branch, on stable branches it's out of date.
- Remove "creations" in gitlab_subscription_histories on gitlab.com. !22278
## 12.6.5
- No changes.
## 12.6.4
- No changes.
......@@ -207,6 +215,10 @@ Please view this file on the master branch, on stable branches it's out of date.
- Update the alerts used in the Dependency List to follow GitLab design guidelines. !21760
## 12.5.8
- No changes.
## 12.5.5
- No changes.
......
......@@ -2,6 +2,29 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 12.7.3
### Security (17 changes, 1 of them is from the community)
- Fix xss on frequent groups dropdown. !50
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type.
- Cleanup todos for users from a removed linked group.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.
## 12.7.1
### Fixed (6 changes)
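Review bot: The Grafana entry in the 12.7.3 Security list misspells the product as "gafana" and ends with a fragment, "GraphQL api deprecate token field in GrafanaIntegration type." Suggest rewording it as two full sentences, for example "Prevent Grafana integration token from being displayed as plain text to other project maintainers by showing only a masked version. Deprecate the token field in the GraphQL GrafanaIntegration type." The two XSS entries in the same list also differ in casing ("Fix xss" and "Fix XSS"); use "XSS" in both.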
......@@ -336,6 +359,31 @@ entry.
- Update the Net-LDAP gem to 0.16.2.
## 12.6.5
### Security (19 changes, 1 of them is from the community)
- Update rack-cors to 1.0.6.
- Update rdoc to 6.1.2.
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Cleanup todos for users from a removed linked group.
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
- Fix xss on frequent groups dropdown.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.
## 12.6.4
### Security (1 change)
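Review bot: The Grafana entry in the 12.6.5 list stops at "masked version of it." while the 12.7.3 entry for the same fix goes on to say the GraphQL token field in GrafanaIntegration is deprecated. If the backport carries the same change, the two entries should read the same; if the GraphQL deprecation is not part of 12.6.5, say so in the entry so readers can tell what the backport covers.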
......@@ -756,6 +804,35 @@ entry.
- Replace Font Awesome bullhorn icon with GitLab bullhorn icon.
## 12.5.8
### Security (19 changes, 1 of them is from the community)
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
- Update rdoc to 6.1.2.
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Cleanup todos for users from a removed linked group.
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Update rack-cors to 1.0.6.
- Fix xss on frequent groups dropdown.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.
### Changed (1 change, 1 of them is from the community)
- Add template repository usage to the usage ping. !20126 (minghuan lei)
## 12.5.5
### Security (1 change)
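Review bot: The "### Changed" block at the end of the 12.5.8 section lists "Add template repository usage to the usage ping. !20126", a usage-ping change, in a release whose other 19 entries are security fixes, and neither the 12.6.5 nor the 12.7.3 section has a matching entry. Please confirm this change really ships in 12.5.8; if it was picked up by accident when the changelog was compiled, drop the block so the section describes only the security release.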
......
---
title: Bump rubyzip to 2.0.0
merge_request:
author: Utkarsh Gupta
type: security
---
title: Cleanup todos for users from a removed linked group
merge_request:
author:
type: security
---
title: Disable access to last_pipeline in commits API for users without read permissions
merge_request:
author:
type: security
---
title: Add constraint to group dependency proxy endpoint param
merge_request:
author:
type: security
---
title: Limit number of AsciiDoc includes per document
merge_request:
author:
type: security
---
title: Prevent API access for unconfirmed users
merge_request:
author:
type: security
---
title: Enforce permission check when counting activity events
merge_request:
author:
type: security
---
title: Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it. GraphQL api deprecate token field in GrafanaIntegration type.
merge_request:
author:
type: security
---
title: Fix xss on frequent groups dropdown
merge_request:
author:
type: security
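Review bot: "merge_request:" is empty in this entry, yet the 12.7.3 changelog line for the same title reads "Fix xss on frequent groups dropdown. !50", and the 12.6.5 and 12.5.8 lines carry no reference at all. Either fill in the field so every release gets the same reference, or drop "!50" from the 12.7.3 line, so the entry file and the compiled changelog agree.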
---
title: Fix XSS vulnerability on custom project templates form
merge_request:
author:
type: security
---
title: Protect internal CI builds from external overrides
merge_request:
author:
type: security
---
title: ImportExport::ExportService to require admin_project permission
merge_request:
author:
type: security
---
title: Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
merge_request:
author:
type: security
---
title: Disable caching of repository/files/:file_path/raw API endpoint
merge_request:
author:
type: security
---
title: Make cross-repository comparisons happen in the source repository
merge_request:
author:
type: security
---
title: Update excon to 0.71.1 to fix CVE-2019-16779
merge_request:
author:
type: security
---
title: Add workhorse request verification to package upload endpoints
merge_request:
author:
type: security