Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
e9aea5b2
Commit
e9aea5b2
authored
Mar 26, 2020
by
GitLab Release Tools Bot
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update CHANGELOG.md for 12.9.1
[ci skip]
parent
729e3765
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
26 additions
and
5 deletions
+26
-5
CHANGELOG.md
CHANGELOG.md
+26
-0
changelogs/unreleased/212178-fix-authorized-keys-worker.yml
changelogs/unreleased/212178-fix-authorized-keys-worker.yml
+0
-5
No files found.
CHANGELOG.md
View file @
e9aea5b2
...
...
@@ -2,6 +2,32 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 12.9.1 (2020-03-26)
### Security (16 changes)
-
Add permission check for pipeline status of MR.
-
Ignore empty remote_id params from Workhorse accelerated uploads.
-
External user can not create personal snippet through API.
-
Prevent malicious entry for group name.
-
Restrict mirroring changes to admins only when mirroring is disabled.
-
Reject all container registry requests from blocked users.
-
Deny localhost requests on fogbugz importer.
-
Redact notes in moved confidential issues.
-
Fix UploadRewriter Path Traversal vulnerability.
-
Block hotlinking to repository archives.
-
Restrict access to project pipeline metrics reports.
-
vulnerability_feedback records should be restricted to a dev role and above.
-
Exclude Carrierwave remote URL methods from import.
-
Update Nokogiri to fix CVE-2020-7595.
-
Prevent updating trigger by other maintainers.
-
Fix XSS vulnerability in
`admin/email`
"Recipient Group" dropdown.
### Fixed (1 change)
-
Fix updating the authorized_keys file. !27798
## 12.9.0 (2020-03-22)
### Security (1 change)
...
...
changelogs/unreleased/212178-fix-authorized-keys-worker.yml
deleted
100644 → 0
View file @
729e3765
---
title
:
Fix updating the authorized_keys file
merge_request
:
27798
author
:
type
:
fixed
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment