Update CHANGELOG.md for 12.8.2

[ci skip]
parent e5006d02
......@@ -2,6 +2,33 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 12.8.2
### Security (17 changes)
- Update container registry authentication to account for login request when checking permissions.
- Update ProjectAuthorization when deleting or updating GroupGroupLink.
- Prevent an endless checking loop for two merge requests targeting each other.
- Update user 2fa when accepting a group invite.
- Fix for XSS in branch names.
- Prevent directory traversal through FileUploader.
- Run project badge images through the asset proxy.
- Check merge requests read permissions before showing them in the pipeline widget.
- Respect member access level for group shares.
- Remove OID filtering during LFS imports.
- Protect against denial of service using pipeline webhook recursion.
- Expire account confirmation token.
- Prevent XSS in admin grafana URL setting.
- Don't require base_sha in DiffRefsType.
- Sanitize output by dependency linkers.
- Recalculate ProjectAuthorizations for all users.
- Escape special chars in Sentry error header.
### Other (1 change, 1 of them is from the community)
- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
## 12.8.1
### Fixed (5 changes)
......
---
title: Update ProjectAuthorization when deleting or updating GroupGroupLink
merge_request:
author:
type: security
---
title: Respect member access level for group shares
merge_request:
author:
type: security
---
title: Fix fixtures for Error Tracking Web UI
merge_request: 26233
author: Takuya Noguchi
type: other
---
title: Prevent an endless checking loop for two merge requests targeting each other
merge_request:
author:
type: security
---
title: Update user 2fa when accepting a group invite
merge_request:
author:
type: security
---
title: Fix for XSS in branch names
merge_request:
author:
type: security
---
title: Prevent directory traversal through FileUploader
merge_request:
author:
type: security
---
title: Run project badge images through the asset proxy
merge_request:
author:
type: security
---
title: Check merge requests read permissions before showing them in the pipeline widget
merge_request:
author:
type: security
---
title: Update container registry authentication to account for login request when
checking permissions
merge_request:
author:
type: security
---
title: Remove OID filtering during LFS imports
merge_request:
author:
type: security
---
title: Protect against denial of service using pipeline webhook recursion
merge_request:
author:
type: security
---
title: Expire account confirmation token
merge_request:
author:
type: security
---
title: Prevent XSS in admin grafana URL setting
merge_request:
author:
type: security
---
title: Don't require base_sha in DiffRefsType
merge_request:
author:
type: security
---
title: Sanitize output by dependency linkers
merge_request:
author:
type: security
---
title: Recalculate ProjectAuthorizations for all users
merge_request:
author:
type: security
---
title: Escape special chars in Sentry error header
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment