Update CHANGELOG.md for 12.8.2

[ci skip]

1 files changed, 27 insertions, 0 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f50be96ac50..e0493d54fc8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,33 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.8.2
+
+### Security (17 changes)
+
+- Update container registry authentication to account for login request when checking permissions.
+- Update ProjectAuthorization when deleting or updating GroupGroupLink.
+- Prevent an endless checking loop for two merge requests targeting each other.
+- Update user 2fa when accepting a group invite.
+- Fix for XSS in branch names.
+- Prevent directory traversal through FileUploader.
+- Run project badge images through the asset proxy.
+- Check merge requests read permissions before showing them in the pipeline widget.
+- Respect member access level for group shares.
+- Remove OID filtering during LFS imports.
+- Protect against denial of service using pipeline webhook recursion.
+- Expire account confirmation token.
+- Prevent XSS in admin grafana URL setting.
+- Don't require base_sha in DiffRefsType.
+- Sanitize output by dependency linkers.
+- Recalculate ProjectAuthorizations for all users.
+- Escape special chars in Sentry error header.
+
+### Other (1 change, 1 of them is from the community)
+
+- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
+
+
 ## 12.8.1
 
 ### Fixed (5 changes)