Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
3830617e
Commit
3830617e
authored
Oct 28, 2019
by
GitLab Release Tools Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update CHANGELOG.md for 12.4.1
[ci skip]
parent
8b69a396
Changes
13
Hide whitespace changes
Inline
Side-by-side
Showing
13 changed files
with
18 additions
and
58 deletions
+18
-58
CHANGELOG.md
CHANGELOG.md
+18
-0
changelogs/unreleased/29986-remove-leaky-401-responses.yml
changelogs/unreleased/29986-remove-leaky-401-responses.yml
+0
-5
changelogs/unreleased/security-2914-labels-visible-despite-no-access-to-issues-repositories-12-.yml
...-visible-despite-no-access-to-issues-repositories-12-.yml
+0
-5
changelogs/unreleased/security-2920-fix-notes-with-label-cross-reference-12-4.yml
...curity-2920-fix-notes-with-label-cross-reference-12-4.yml
+0
-5
changelogs/unreleased/security-64519-nested-graphql-query-can-cause-denial-of-service.yml
...4519-nested-graphql-query-can-cause-denial-of-service.yml
+0
-5
changelogs/unreleased/security-65756-ex-admin-attacker-can-comment-in-internal.yml
...urity-65756-ex-admin-attacker-can-comment-in-internal.yml
+0
-5
changelogs/unreleased/security-bvl-validate-force-remove-branch-on-mrs.yml
...ased/security-bvl-validate-force-remove-branch-on-mrs.yml
+0
-6
changelogs/unreleased/security-developer-transfer-project.yml
...gelogs/unreleased/security-developer-transfer-project.yml
+0
-5
changelogs/unreleased/security-hide-private-members-in-project-member-autocomplete.yml
...y-hide-private-members-in-project-member-autocomplete.yml
+0
-3
changelogs/unreleased/security-id-fix-disclosure-of-private-repo-names.yml
...ased/security-id-fix-disclosure-of-private-repo-names.yml
+0
-5
changelogs/unreleased/security-mask-sentry-token-ce.yml
changelogs/unreleased/security-mask-sentry-token-ce.yml
+0
-4
changelogs/unreleased/security-open-redirect-internalredirect.yml
...gs/unreleased/security-open-redirect-internalredirect.yml
+0
-5
changelogs/unreleased/security-wiki-rdoc-content.yml
changelogs/unreleased/security-wiki-rdoc-content.yml
+0
-5
No files found.
CHANGELOG.md
View file @
3830617e
...
@@ -2,6 +2,24 @@
...
@@ -2,6 +2,24 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
entry.
## 12.4.1
### Security (12 changes)
-
Standardize error response when route is missing.
-
Do not display project labels that are not visible for user accessing group labels.
-
Show cross-referenced label and milestones in issues' activities only to authorized users.
-
Analyze incoming GraphQL queries and check for recursion.
-
Disallow unprivileged users from commenting on private repository commits.
-
Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
-
Require Maintainer permission on group where project is transferred to.
-
Don't leak private members in project member autocomplete suggestions.
-
Return 404 on LFS request if project doesn't exist.
-
Mask sentry auth token in Error Tracking dashboard.
-
Fixes a Open Redirect issue in
`InternalRedirect`
.
-
Sanitize all wiki markup formats with GitLab sanitization pipelines.
## 12.4.0
## 12.4.0
### Security (14 changes)
### Security (14 changes)
...
...
changelogs/unreleased/29986-remove-leaky-401-responses.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Standardize error response when route is missing
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-2914-labels-visible-despite-no-access-to-issues-repositories-12-.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Do not display project labels that are not visible for user accessing group labels
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-2920-fix-notes-with-label-cross-reference-12-4.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Show cross-referenced label and milestones in issues' activities only to authorized users
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-64519-nested-graphql-query-can-cause-denial-of-service.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Analyze incoming GraphQL queries and check for recursion
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-65756-ex-admin-attacker-can-comment-in-internal.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Disallow unprivileged users from commenting on private repository commits
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-bvl-validate-force-remove-branch-on-mrs.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Don't allow maintainers of a target project to delete the source branch of
a merge request from a fork
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-developer-transfer-project.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Require Maintainer permission on group where project is transferred to
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-hide-private-members-in-project-member-autocomplete.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
"
Don't
leak
private
members
in
project
member
autocomplete
suggestions"
type
:
security
changelogs/unreleased/security-id-fix-disclosure-of-private-repo-names.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Return 404 on LFS request if project doesn't exist
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-mask-sentry-token-ce.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Mask sentry auth token in Error Tracking dashboard
author
:
type
:
security
changelogs/unreleased/security-open-redirect-internalredirect.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Fixes a Open Redirect issue in `InternalRedirect`.
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-wiki-rdoc-content.yml
deleted
100644 → 0
View file @
8b69a396
---
title
:
Sanitize all wiki markup formats with GitLab sanitization pipelines
merge_request
:
author
:
type
:
security
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment