Skip to content
Snippets Groups Projects
Commit 1cffa117 authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot
Browse files

Update CHANGELOG.md for 12.4.1 

[ci skip]
parent c4edbefa
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 18 additions and 0 deletions
CHANGELOG.md
+ 18
0
View file @ 1cffa117
@@ -2,6 +2,24 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
 
## 12.4.1
### Security (12 changes)
- Standardize error response when route is missing.
- Do not display project labels that are not visible for user accessing group labels.
- Show cross-referenced label and milestones in issues' activities only to authorized users.
- Analyze incoming GraphQL queries and check for recursion.
- Disallow unprivileged users from commenting on private repository commits.
- Don't allow maintainers of a target project to delete the source branch of a merge request from a fork.
- Require Maintainer permission on group where project is transferred to.
- Don't leak private members in project member autocomplete suggestions.
- Return 404 on LFS request if project doesn't exist.
- Mask sentry auth token in Error Tracking dashboard.
- Fixes a Open Redirect issue in `InternalRedirect`.
- Sanitize all wiki markup formats with GitLab sanitization pipelines.
## 12.4.0
 
### Security (14 changes)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment