Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
9458f7c5
Commit
9458f7c5
authored
Mar 04, 2020
by
GitLab Release Tools Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update CHANGELOG.md for 12.8.2
[ci skip]
parent
e5006d02
Changes
19
Show whitespace changes
Inline
Side-by-side
Showing
19 changed files
with
27 additions
and
91 deletions
+27
-91
CHANGELOG.md
CHANGELOG.md
+27
-0
changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml
.../199035-sharing_group_to_update_project_authorization.yml
+0
-5
changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml
...d/199415-sharing_group_to_respect_member_access_level.yml
+0
-5
changelogs/unreleased/208548-better-spec-test-for-error-tracking-web-ui.yml
...sed/208548-better-spec-test-for-error-tracking-web-ui.yml
+0
-5
changelogs/unreleased/36805-confidential-issue.yml
changelogs/unreleased/36805-confidential-issue.yml
+0
-5
changelogs/unreleased/enfoce-group-member-2fa.yml
changelogs/unreleased/enfoce-group-member-2fa.yml
+0
-5
changelogs/unreleased/security-49-xss-branch-names.yml
changelogs/unreleased/security-49-xss-branch-names.yml
+0
-5
changelogs/unreleased/security-709-secret-traversal.yml
changelogs/unreleased/security-709-secret-traversal.yml
+0
-5
changelogs/unreleased/security-badge-camo.yml
changelogs/unreleased/security-badge-camo.yml
+0
-5
changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml
...sed/security-check-mr-permissions-for-pipeline-widget.yml
+0
-5
changelogs/unreleased/security-deploy-token-registry-access.yml
...logs/unreleased/security-deploy-token-registry-access.yml
+0
-6
changelogs/unreleased/security-deprecate-lfs-link-service.yml
...gelogs/unreleased/security-deprecate-lfs-link-service.yml
+0
-5
changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml
...nreleased/security-disable-pipeline-webhook-recursion.yml
+0
-5
changelogs/unreleased/security-expire-confirmation-token.yml
changelogs/unreleased/security-expire-confirmation-token.yml
+0
-5
changelogs/unreleased/security-grafana-stored-xss.yml
changelogs/unreleased/security-grafana-stored-xss.yml
+0
-5
changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml
.../unreleased/security-graphql-diff-refs-empty-base-sha.yml
+0
-5
changelogs/unreleased/security-pb-fix-xss-dependency-link.yml
...gelogs/unreleased/security-pb-fix-xss-dependency-link.yml
+0
-5
changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml
...sed/security-recalculate_project_authorizations_run_2.yml
+0
-5
changelogs/unreleased/security-safe-sentry-error-culprit.yml
changelogs/unreleased/security-safe-sentry-error-culprit.yml
+0
-5
No files found.
CHANGELOG.md
View file @
9458f7c5
...
...
@@ -2,6 +2,33 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 12.8.2
### Security (17 changes)
-
Update container registry authentication to account for login request when checking permissions.
-
Update ProjectAuthorization when deleting or updating GroupGroupLink.
-
Prevent an endless checking loop for two merge requests targeting each other.
-
Update user 2fa when accepting a group invite.
-
Fix for XSS in branch names.
-
Prevent directory traversal through FileUploader.
-
Run project badge images through the asset proxy.
-
Check merge requests read permissions before showing them in the pipeline widget.
-
Respect member access level for group shares.
-
Remove OID filtering during LFS imports.
-
Protect against denial of service using pipeline webhook recursion.
-
Expire account confirmation token.
-
Prevent XSS in admin grafana URL setting.
-
Don't require base_sha in DiffRefsType.
-
Sanitize output by dependency linkers.
-
Recalculate ProjectAuthorizations for all users.
-
Escape special chars in Sentry error header.
### Other (1 change, 1 of them is from the community)
-
Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
## 12.8.1
### Fixed (5 changes)
...
...
changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Update ProjectAuthorization when deleting or updating GroupGroupLink
merge_request
:
author
:
type
:
security
changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Respect member access level for group shares
merge_request
:
author
:
type
:
security
changelogs/unreleased/208548-better-spec-test-for-error-tracking-web-ui.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Fix fixtures for Error Tracking Web UI
merge_request
:
26233
author
:
Takuya Noguchi
type
:
other
changelogs/unreleased/36805-confidential-issue.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Prevent an endless checking loop for two merge requests targeting each other
merge_request
:
author
:
type
:
security
changelogs/unreleased/enfoce-group-member-2fa.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Update user 2fa when accepting a group invite
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-49-xss-branch-names.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Fix for XSS in branch names
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-709-secret-traversal.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Prevent directory traversal through FileUploader
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-badge-camo.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Run project badge images through the asset proxy
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Check merge requests read permissions before showing them in the pipeline widget
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-deploy-token-registry-access.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Update container registry authentication to account for login request when
checking permissions
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-deprecate-lfs-link-service.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Remove OID filtering during LFS imports
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Protect against denial of service using pipeline webhook recursion
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-expire-confirmation-token.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Expire account confirmation token
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-grafana-stored-xss.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Prevent XSS in admin grafana URL setting
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Don't require base_sha in DiffRefsType
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-pb-fix-xss-dependency-link.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Sanitize output by dependency linkers
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Recalculate ProjectAuthorizations for all users
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-safe-sentry-error-culprit.yml
deleted
100644 → 0
View file @
e5006d02
---
title
:
Escape special chars in Sentry error header
merge_request
:
author
:
type
:
security
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment