Update CHANGELOG.md for 12.5.8

[ci skip]

CHANGELOG.md

@@ -2,6 +2,35 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
+## 12.5.8
+
+### Security (19 changes, 1 of them is from the community)
+
+- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
+- Update rdoc to 6.1.2.
+- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
+- Cleanup todos for users from a removed linked group.
+- Disable access to last_pipeline in commits API for users without read permissions.
+- Add constraint to group dependency proxy endpoint param.
+- Limit number of AsciiDoc includes per document.
+- Prevent API access for unconfirmed users.
+- Enforce permission check when counting activity events.
+- Update rack-cors to 1.0.6.
+- Fix xss on frequent groups dropdown.
+- Fix XSS vulnerability on custom project templates form.
+- Protect internal CI builds from external overrides.
+- ImportExport::ExportService to require admin_project permission.
+- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
+- Disable caching of repository/files/:file_path/raw API endpoint.
+- Make cross-repository comparisons happen in the source repository.
+- Update excon to 0.71.1 to fix CVE-2019-16779.
+- Add workhorse request verification to package upload endpoints.
+
+### Changed (1 change, 1 of them is from the community)
+
+- Add template repository usage to the usage ping. !20126 (minghuan lei)
+
+
 ## 12.5.7
 ### Security (1 change)

changelogs/unreleased/7597-add-template-repository-usage-to-the-usage-ping.yml

----
-title: Add template repository usage to the usage ping
-merge_request: 20126
-author: minghuan lei
-type: changed

changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml

----
-title: Update rack-cors to 1.0.6
-merge_request:
-author:
-type: security

changelogs/unreleased/jl-bump-rdoc-6-1-2.yml

----
-title: Update rdoc to 6.1.2
-merge_request:
-author:
-type: security

changelogs/unreleased/security-13-update-ruby-zip-pages-master.yml

----
-title: Bump rubyzip to 2.0.0
-merge_request:
-author: Utkarsh Gupta
-type: security

changelogs/unreleased/security-35235-todos-cleanup.yml

----
-title: Cleanup todos for users from a removed linked group
-merge_request:
-author:
-type: security

changelogs/unreleased/security-commits-api-last-pipeline-status.yml

----
-title: Disable access to last_pipeline in commits API for users without read permissions
-merge_request:
-author:
-type: security

changelogs/unreleased/security-dependency-proxy-path-traversal.yml

----
-title: Add constraint to group dependency proxy endpoint param
-merge_request:
-author:
-type: security

changelogs/unreleased/security-dos-via-asciidoc-includes.yml

----
-title: Limit number of AsciiDoc includes per document
-merge_request:
-author:
-type: security

changelogs/unreleased/security-email-confirmation-bypass-via-api-ee.yml

----
-title: Prevent API access for unconfirmed users
-merge_request:
-author:
-type: security

changelogs/unreleased/security-enforce-permissions-for-event-filter-ee.yml

----
-title: Enforce permission check when counting activity events
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-grafana-token-leaked-in-plain-to-other-maintainers.yml

----
-title: Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-xss-on-frequent-groups-dropdown.yml

----
-title: Fix xss on frequent groups dropdown
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-xss-on-project-templates.yml

----
-title: Fix XSS vulnerability on custom project templates form
-merge_request:
-author:
-type: security

changelogs/unreleased/security-proctect-internal-builds-from-external-overrides.yml

----
-title: Protect internal CI builds from external overrides
-merge_request:
-author:
-type: security

changelogs/unreleased/security-project_export_service_permission_check.yml

----
-title: ImportExport::ExportService to require admin_project permission
-merge_request:
-author:
-type: security

changelogs/unreleased/security-reference-check.yml

----
-title: Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
-merge_request:
-author:
-type: security

changelogs/unreleased/security-remove-caching-from-api-project-raw-endpoint.yml

----
-title: Disable caching of repository/files/:file_path/raw API endpoint
-merge_request:
-author:
-type: security

changelogs/unreleased/security-reverse-polarity-of-branch-compare.yml

----
-title: Make cross-repository comparisons happen in the source repository
-merge_request:
-author:
-type: security

changelogs/unreleased/security-update-excon-cve-2019-16779.yml

----
-title: Update excon to 0.71.1 to fix CVE-2019-16779
-merge_request:
-author:
-type: security