Commit 2b55fb03 authored Aug 27, 2019 by GitLab Release Tools Bot
Update CHANGELOG.md for 12.0.7
[ci skip]
parent c9021037
Showing 1 changed file with 28 additions and 0 deletions
CHANGELOG.md
...
...
@@ -591,6 +591,34 @@ entry.
-
Removes EE differences for app/views/admin/users/show.html.haml.
## 12.0.7
### Security (22 changes)
-
Ensure only authorised users can create notes on Merge Requests and Issues.
-
Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
-
Queries for Upload should be scoped by model.
-
Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
-
Limit the size of issuable description and comments.
-
Send TODOs for comments on commits correctly.
-
Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
-
Added image proxy to mitigate potential stealing of IP addresses.
-
Filter out old system notes for epics in notes api endpoint response.
-
Avoid exposing unaccessible repo data upon GFM post processing.
-
Fix HTML injection for label description.
-
Make sure HTML text is always escaped when replacing label/milestone references.
-
Prevent DNS rebind on JIRA service integration.
-
Use admin_group authorization in Groups::RunnersController.
-
Prevent disclosure of merge request ID via email.
-
Show cross-referenced MR-id in issues' activities only to authorized users.
-
Enforce max chars and max render time in markdown math.
-
Check permissions before responding in MergeController#pipeline_status.
-
Remove EXIF from users/personal snippet uploads.
-
Fix project import restricted visibility bypass via API.
-
Fix weak session management by clearing password reset tokens after login (username/email) are updated.
-
Fix SSRF via DNS rebinding in Kubernetes Integration.
## 12.0.6
-
No changes.
...
...
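Review bot: Several entries under "### Security (22 changes)" do not say what was exposed, so an administrator cannot judge the urgency of the upgrade from this list: "Send TODOs for comments on commits correctly." reads as an ordinary bug fix, and "Queries for Upload should be scoped by model." states a requirement rather than the change that was made. Suggest naming the affected data or access in each, as "Restrict MergeRequests#test_reports to authenticated users with read-access on Builds." already does. Wording is also inconsistent: "Added image proxy ..." is past tense while the other entries are imperative ("Fix", "Prevent", "Enforce"), "unaccessible" should be "inaccessible", and "after login (username/email) are updated" has a subject/verb mismatch. The header count matches the 22 entries listed.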