Update CHANGELOG.md for 12.10.7

[ci skip]
parent 7ee8a6cf
...@@ -2,6 +2,26 @@ ...@@ -2,6 +2,26 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 12.10.7 (2020-05-27)
### Security (14 changes)
- Add an extra validation to Static Site Editor payload.
- Hide EKS secret key in admin integrations settings.
- Added data integrity check before updating a deploy key.
- Display only verified emails on notifications and profile page.
- Disable caching on repo/blobs/[sha]/raw endpoint.
- Require confirmed email address for GitLab OAuth authentication.
- Kubernetes cluster details page no longer exposes Service Token.
- Fix confirming unverified emails with soft email confirmation flow enabled.
- Disallow user to control PUT request using mermaid markdown in issue description.
- Check forked project permissions before allowing fork.
- Limit memory footprint of a command that generates ZIP artifacts metadata.
- Fix file enuming using Group Import.
- Prevent XSS in the monitoring dashboard.
- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API.
## 12.10.6 (2020-05-15) ## 12.10.6 (2020-05-15)
### Fixed (5 changes) ### Fixed (5 changes)
......
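Review bot: In the 12.10.7 Security list, "Fix file enuming using Group Import." reads as a typo: "enuming" is not a word, and the entry presumably means file enumeration. Suggest fixing the wording before this text ships in a release changelog, since that is the only description users get of the fix. A smaller style point in the same list: "Added data integrity check before updating a deploy key." is in past tense while most neighbouring entries are imperative ("Add", "Hide", "Disable"), so "Add data integrity check ..." would match.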
---
title: Add an extra validation to Static Site Editor payload
merge_request:
author:
type: security
---
title: Hide EKS secret key in admin integrations settings
merge_request:
author:
type: security
---
title: Added data integrity check before updating a deploy key.
merge_request:
author:
type: security
---
title: Display only verified emails on notifications and profile page
merge_request:
author:
type: security
---
title: Disable caching on repo/blobs/[sha]/raw endpoint
merge_request:
author:
type: security
---
title: Require confirmed email address for GitLab OAuth authentication
merge_request:
author:
type: security
---
title: Kubernetes cluster details page no longer exposes Service Token
merge_request:
author:
type: security
---
title: Fix confirming unverified emails with soft email confirmation flow enabled
merge_request:
author:
type: security
---
title: Disallow user to control PUT request using mermaid markdown in issue description
merge_request:
author:
type: security
---
title: Check forked project permissions before allowing fork
merge_request:
author:
type: security
---
title: Limit memory footprint of a command that generates ZIP artifacts metadata
merge_request:
author:
type: security
---
title: Fix file enuming using Group Import
merge_request:
author:
type: security
---
title: Prevent XSS in the monitoring dashboard
merge_request:
author:
type: security
---
title: Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API
merge_request:
author:
type: security
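Review bot: `merge_request:` and `author:` are empty in all 14 of these entries, so none of the Security lines in the 12.10.7 section can be traced back to the change that introduced the fix. If the references are being withheld on purpose until the fixes are public, note that in the commit message; otherwise fill in `merge_request:` so an operator deciding whether to upgrade can look up what each item actually changed.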