Commit 2d03845a authored by Marin Jankovski's avatar Marin Jankovski

Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq

parents 1dd77c71 4542a994
......@@ -636,12 +636,19 @@ entry.
## 12.1.12
<<<<<<< HEAD
### Security (11 changes)
=======
### Security (12 changes)
>>>>>>> master
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
<<<<<<< HEAD
=======
- Check permissions before showing head pipeline blocking merge requests.
>>>>>>> master
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
......
---
title: Fix Gitaly SearchBlobs flag RPC injection
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment