Skip to content

G
gitlab-ce
Commit 2d03845a authored by Marin Jankovski's avatar Marin Jankovski
Browse files
Options

Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq

parents 1dd77c71 4542a994
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 0 deletions
CHANGELOG.md
View file @ 2d03845a
......@@ -636,12 +636,19 @@ entry.
## 12.1.12
<<<<<<< HEAD
### Security (11 changes)
=======
### Security (12 changes)
>>>>>>> master
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
<<<<<<< HEAD
=======
- Check permissions before showing head pipeline blocking merge requests.
>>>>>>> master
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
......
changelogs/unreleased/12-3-stable.yml 0 → 100644
View file @ 2d03845a
---
title: Fix Gitaly SearchBlobs flag RPC injection
merge_request:
author:
type: security
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7