summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-01-28 22:31:39 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-01-28 22:31:39 +0000
commit156529780508bbca3221c822e4a6a6faa8f5eb88 (patch)
tree6689f301051496fb530f1cf0bb01dc947e1967af /CHANGELOG.md
parent0fc0305740a567f0cc98e04bcee55791f5d1ba2d (diff)
downloadgitlab-ce-156529780508bbca3221c822e4a6a6faa8f5eb88.tar.gz
Update CHANGELOG.md for 12.6.5
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md25
1 files changed, 25 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5ce73eb8895..5f591e97b21 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -359,6 +359,31 @@ entry.
- Update the Net-LDAP gem to 0.16.2.
+## 12.6.5
+
+### Security (19 changes, 1 of them is from the community)
+
+- Update rack-cors to 1.0.6.
+- Update rdoc to 6.1.2.
+- Bump rubyzip to 2.0.0. (Utkarsh Gupta)
+- Cleanup todos for users from a removed linked group.
+- Disable access to last_pipeline in commits API for users without read permissions.
+- Add constraint to group dependency proxy endpoint param.
+- Limit number of AsciiDoc includes per document.
+- Prevent API access for unconfirmed users.
+- Enforce permission check when counting activity events.
+- Prevent gafana integration token from being displayed as a plain text to other project maintainers, by only displaying a masked version of it.
+- Fix xss on frequent groups dropdown.
+- Fix XSS vulnerability on custom project templates form.
+- Protect internal CI builds from external overrides.
+- ImportExport::ExportService to require admin_project permission.
+- Make sure that only system notes where all references are visible to user are exposed in GraphQL API.
+- Disable caching of repository/files/:file_path/raw API endpoint.
+- Make cross-repository comparisons happen in the source repository.
+- Update excon to 0.71.1 to fix CVE-2019-16779.
+- Add workhorse request verification to package upload endpoints.
+
+
## 12.6.4
### Security (1 change)