Update CHANGELOG.md for 12.3.7

[ci skip]
parent dfac6800
......@@ -735,6 +735,21 @@ entry.
- Remove Postgresql specific setup tasks and move to schema.rb.
## 12.3.7
### Security (9 changes)
- Check permissions before showing a forked project's source.
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
- Hide commit counts from guest users in Cycle Analytics.
- Limit potential for DNS rebind SSRF in chat notifications.
- Fix 500 error caused by invalid byte sequences in links.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
## 12.3.4
### Fixed (2 changes)
......
---
title: Check permissions before showing a forked project's source
merge_request:
author:
type: security
---
title: Encrypt application setting tokens
merge_request:
author:
type: security
---
title: Hide commit counts from guest users in Cycle Analytics.
merge_request:
author:
type: security
---
title: Limit potential for DNS rebind SSRF in chat notifications
merge_request:
author:
type: security
---
title: Fix 500 error caused by invalid byte sequences in links
merge_request:
author:
type: security
---
title: Ensure are cleaned by ImportExport::AttributeCleaner
merge_request:
author:
type: security
---
title: Remove notes regarding Related Branches from Issue activity feeds for guest
users
merge_request:
author:
type: security
---
title: Escape namespace in label references to prevent XSS
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment