Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
fa496b64
Commit
fa496b64
authored
Sep 26, 2019
by
GitLab Release Tools Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update CHANGELOG.md for 12.3.2
[ci skip]
parent
40a93ab0
Changes
11
Hide whitespace changes
Inline
Side-by-side
Showing
11 changed files
with
16 additions
and
53 deletions
+16
-53
CHANGELOG.md
CHANGELOG.md
+16
-0
changelogs/unreleased/12-3-stable.yml
changelogs/unreleased/12-3-stable.yml
+0
-5
changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml
...curity-12630-private-system-note-disclosed-in-graphql.yml
+0
-6
changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml
...717-fix-confidential-issue-assignee-visible-to-guests.yml
+0
-5
changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml
...ecurity-12718-project-milestones-disclosed-via-groups.yml
+0
-6
changelogs/unreleased/security-64938-dont-disclose-path.yml
changelogs/unreleased/security-64938-dont-disclose-path.yml
+0
-6
changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml
...d/security-bypass-email-verification-using-salesforce.yml
+0
-5
changelogs/unreleased/security-cross-reference-fix.yml
changelogs/unreleased/security-cross-reference-fix.yml
+0
-5
changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml
...s/unreleased/security-fp-stop-jobs-when-blocking-user.yml
+0
-5
changelogs/unreleased/security-mermaid-block.yml
changelogs/unreleased/security-mermaid-block.yml
+0
-5
changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
...nreleased/security-sarcila-verify-saml-request-origin.yml
+0
-5
No files found.
CHANGELOG.md
View file @
fa496b64
...
...
@@ -2,6 +2,22 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 12.3.2
### Security (10 changes)
-
Fix Gitaly SearchBlobs flag RPC injection.
-
Add a policy check for system notes that may not be visible due to cross references to private items.
-
Display only participants that user has permission to see on milestone page.
-
Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
-
Fix new project path being disclosed through unsubscribe link of issue/merge requests.
-
Prevent bypassing email verification using Salesforce.
-
Do not show resource label events referencing not accessible labels.
-
Cancel all running CI jobs triggered by the user who is just blocked.
-
Only render fixed number of mermaid blocks.
-
Prevent GitLab accounts takeover if SAML is configured.
## 12.3.1
### Fixed (4 changes)
...
...
changelogs/unreleased/12-3-stable.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Fix Gitaly SearchBlobs flag RPC injection
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Add a policy check for system notes that may not be visible due to cross references
to private items
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Display only participants that user has permission to see on milestone page
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Do not disclose project milestones on group milestones page when project milestones
access is disabled in project settings
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-64938-dont-disclose-path.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Fix new project path being disclosed through unsubscribe link of issue/merge
requests
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Prevent bypassing email verification using Salesforce
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-cross-reference-fix.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Do not show resource label events referencing not accessible labels.
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Cancel all running CI jobs triggered by the user who is just blocked
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-mermaid-block.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Only render fixed number of mermaid blocks
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
deleted
100644 → 0
View file @
40a93ab0
---
title
:
Prevent GitLab accounts takeover if SAML is configured
merge_request
:
author
:
type
:
security
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment