Update CHANGELOG.md for 12.8.2

[ci skip]

CHANGELOG.md

@@ -2,6 +2,33 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.8.2
+
+### Security (17 changes)
+
+- Update container registry authentication to account for login request when checking permissions.
+- Update ProjectAuthorization when deleting or updating GroupGroupLink.
+- Prevent an endless checking loop for two merge requests targeting each other.
+- Update user 2fa when accepting a group invite.
+- Fix for XSS in branch names.
+- Prevent directory traversal through FileUploader.
+- Run project badge images through the asset proxy.
+- Check merge requests read permissions before showing them in the pipeline widget.
+- Respect member access level for group shares.
+- Remove OID filtering during LFS imports.
+- Protect against denial of service using pipeline webhook recursion.
+- Expire account confirmation token.
+- Prevent XSS in admin grafana URL setting.
+- Don't require base_sha in DiffRefsType.
+- Sanitize output by dependency linkers.
+- Recalculate ProjectAuthorizations for all users.
+- Escape special chars in Sentry error header.
+
+### Other (1 change, 1 of them is from the community)
+
+- Fix fixtures for Error Tracking Web UI. !26233 (Takuya Noguchi)
+
+
 ## 12.8.1
 
 ### Fixed (5 changes)

changelogs/unreleased/199035-sharing_group_to_update_project_authorization.yml

----
-title: Update ProjectAuthorization when deleting or updating GroupGroupLink
-merge_request:
-author:
-type: security

changelogs/unreleased/199415-sharing_group_to_respect_member_access_level.yml

----
-title: Respect member access level for group shares
-merge_request:
-author:
-type: security

changelogs/unreleased/208548-better-spec-test-for-error-tracking-web-ui.yml

----
-title: Fix fixtures for Error Tracking Web UI
-merge_request: 26233
-author: Takuya Noguchi
-type: other

changelogs/unreleased/36805-confidential-issue.yml

----
-title: Prevent an endless checking loop for two merge requests targeting each other
-merge_request:
-author:
-type: security

changelogs/unreleased/enfoce-group-member-2fa.yml

----
-title: Update user 2fa when accepting a group invite
-merge_request:
-author:
-type: security

changelogs/unreleased/security-49-xss-branch-names.yml

----
-title: Fix for XSS in branch names
-merge_request:
-author:
-type: security

changelogs/unreleased/security-709-secret-traversal.yml

----
-title: Prevent directory traversal through FileUploader
-merge_request:
-author:
-type: security

changelogs/unreleased/security-badge-camo.yml

----
-title: Run project badge images through the asset proxy
-merge_request:
-author:
-type: security

changelogs/unreleased/security-check-mr-permissions-for-pipeline-widget.yml

----
-title: Check merge requests read permissions before showing them in the pipeline widget
-merge_request:
-author:
-type: security

changelogs/unreleased/security-deploy-token-registry-access.yml

----
-title: Update container registry authentication to account for login request when
-  checking permissions
-merge_request:
-author:
-type: security

changelogs/unreleased/security-deprecate-lfs-link-service.yml

----
-title: Remove OID filtering during LFS imports
-merge_request:
-author:
-type: security

changelogs/unreleased/security-disable-pipeline-webhook-recursion.yml

----
-title: Protect against denial of service using pipeline webhook recursion
-merge_request:
-author:
-type: security

changelogs/unreleased/security-expire-confirmation-token.yml

----
-title: Expire account confirmation token
-merge_request:
-author:
-type: security

changelogs/unreleased/security-grafana-stored-xss.yml

----
-title: Prevent XSS in admin grafana URL setting
-merge_request:
-author:
-type: security

changelogs/unreleased/security-graphql-diff-refs-empty-base-sha.yml

----
-title: Don't require base_sha in DiffRefsType
-merge_request:
-author:
-type: security

changelogs/unreleased/security-pb-fix-xss-dependency-link.yml

----
-title: Sanitize output by dependency linkers
-merge_request:
-author:
-type: security

changelogs/unreleased/security-recalculate_project_authorizations_run_2.yml

----
-title: Recalculate ProjectAuthorizations for all users
-merge_request:
-author:
-type: security

changelogs/unreleased/security-safe-sentry-error-culprit.yml

----
-title: Escape special chars in Sentry error header
-merge_request:
-author:
-type: security