Skip to content
Snippets Groups Projects
Commit 44d6baba authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot
Browse files

Update CHANGELOG.md for 12.6.5 

[ci skip]
parent 24d41a30
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 25 additions and 95 deletions
CHANGELOG.md
+ 25
0
View file @ 44d6baba
@@ -2,6 +2,31 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
 
## 12.6.5
### Security (19 changes, 1 of them is from the community)
- Update rack-cors to 1.0.6.
- Update rdoc to 6.1.2.
- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
- Cleanup todos for users from a removed linked group.
- Disable access to last_pipeline in commits API for users without read permissions.
- Add constraint to group dependency proxy endpoint param.
- Limit number of AsciiDoc includes per document.
- Prevent API access for unconfirmed users.
- Enforce permission check when counting activity events.
- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
- Fix xss on frequent groups dropdown.
- Fix XSS vulnerability on custom project templates form.
- Protect internal CI builds from external overrides.
- ImportExport::ExportService to require admin_project permission.
- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
- Disable caching of repository/files/:file_path/raw API endpoint.
- Make cross-repository comparisons happen in the source repository.
- Update excon to 0.71.1 to fix CVE-2019-16779.
- Add workhorse request verification to package upload endpoints.
## 12.6.4
 
### Security (1 change)
changelogs/unreleased/jl-bump-rack-cors-1-0-6.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Update rack-cors to 1.0.6
merge_request:
author:
type: security
changelogs/unreleased/jl-bump-rdoc-6-1-2.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Update rdoc to 6.1.2
merge_request:
author:
type: security
changelogs/unreleased/security-13-update-ruby-zip-pages-master.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Bump rubyzip to 2.0.0
merge_request:
author: Utkarsh Gupta
type: security
changelogs/unreleased/security-35235-todos-cleanup.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Cleanup todos for users from a removed linked group
merge_request:
author:
type: security
changelogs/unreleased/security-commits-api-last-pipeline-status.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Disable access to last_pipeline in commits API for users without read permissions
merge_request:
author:
type: security
changelogs/unreleased/security-dependency-proxy-path-traversal.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Add constraint to group dependency proxy endpoint param
merge_request:
author:
type: security
changelogs/unreleased/security-dos-via-asciidoc-includes.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Limit number of AsciiDoc includes per document
merge_request:
author:
type: security
changelogs/unreleased/security-email-confirmation-bypass-via-api-ee.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Prevent API access for unconfirmed users
merge_request:
author:
type: security
changelogs/unreleased/security-enforce-permissions-for-event-filter-ee.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Enforce permission check when counting activity events
merge_request:
author:
type: security
changelogs/unreleased/security-fix-grafana-token-leaked-in-plain-to-other-maintainers.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
merge_request:
author:
type: security
changelogs/unreleased/security-fix-xss-on-frequent-groups-dropdown.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Fix xss on frequent groups dropdown
merge_request:
author:
type: security
changelogs/unreleased/security-fix-xss-on-project-templates.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Fix XSS vulnerability on custom project templates form
merge_request:
author:
type: security
changelogs/unreleased/security-proctect-internal-builds-from-external-overrides.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Protect internal CI builds from external overrides
merge_request:
author:
type: security
changelogs/unreleased/security-project_export_service_permission_check.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: ImportExport::ExportService to require admin_project permission
merge_request:
author:
type: security
changelogs/unreleased/security-reference-check.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
merge_request:
author:
type: security
changelogs/unreleased/security-remove-caching-from-api-project-raw-endpoint.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Disable caching of repository/files/:file_path/raw API endpoint
merge_request:
author:
type: security
changelogs/unreleased/security-reverse-polarity-of-branch-compare.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Make cross-repository comparisons happen in the source repository
merge_request:
author:
type: security
changelogs/unreleased/security-update-excon-cve-2019-16779.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Update excon to 0.71.1 to fix CVE-2019-16779
merge_request:
author:
type: security
changelogs/unreleased/security-workhorse-package-bypass-12-6.yml deleted 100644 → 0
+ 0
5
View file @ 24d41a30
---
title: Add workhorse request verification to package upload endpoints
merge_request:
author:
type: security
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment