Commit c9e7461c authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot
Browse files

Update CHANGELOG.md for 12.6.8

[ci skip]
parent 54d4ad94
......@@ -2,6 +2,28 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
 
## 12.6.8
### Security (16 changes)
- Respect member access level for group shares.
- Prevent an endless checking loop for two merge requests targeting each other.
- Update user 2fa when accepting a group invite.
- Fix for XSS in branch names.
- Prevent directory traversal through FileUploader.
- Run project badge images through the asset proxy.
- Check merge requests read permissions before showing them in the pipeline widget.
- Update container registry authentication to account for login request when checking permissions.
- Remove OID filtering during LFS imports.
- Protect against denial of service using pipeline webhook recursion.
- Expire account confirmation token.
- Prevent XSS in admin grafana URL setting.
- Don't require base_sha in DiffRefsType.
- Sanitize output by dependency linkers.
- Recalculate ProjectAuthorizations for all users.
- Escape special chars in Sentry error header.
## 12.6.7
 
### Security (1 change)
......
---
title: Respect member access level for group shares
merge_request:
author:
type: security
---
title: Prevent an endless checking loop for two merge requests targeting each other
merge_request:
author:
type: security
---
title: Update user 2fa when accepting a group invite
merge_request:
author:
type: security
---
title: Fix for XSS in branch names
merge_request:
author:
type: security
---
title: Prevent directory traversal through FileUploader
merge_request:
author:
type: security
---
title: Run project badge images through the asset proxy
merge_request:
author:
type: security
---
title: Check merge requests read permissions before showing them in the pipeline widget
merge_request:
author:
type: security
---
title: Update container registry authentication to account for login request when
checking permissions
merge_request:
author:
type: security
---
title: Remove OID filtering during LFS imports
merge_request:
author:
type: security
---
title: Protect against denial of service using pipeline webhook recursion
merge_request:
author:
type: security
---
title: Expire account confirmation token
merge_request:
author:
type: security
---
title: Prevent XSS in admin grafana URL setting
merge_request:
author:
type: security
---
title: Don't require base_sha in DiffRefsType
merge_request:
author:
type: security
---
title: Sanitize output by dependency linkers
merge_request:
author:
type: security
---
title: Recalculate ProjectAuthorizations for all users
merge_request:
author:
type: security
---
title: Escape special chars in Sentry error header
merge_request:
author:
type: security
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment