GitLab v12.1.12 Release Notes
Release Date: 2019-09-26
Security (12 changes)
- Add a policy check for system notes that may not be visible due to cross references to private items.
- Display only participants that user has permission to see on milestone page.
- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
- Check permissions before showing head pipeline blocking merge requests.
- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
- Prevent bypassing email verification using Salesforce.
- Do not show resource label events referencing not accessible labels.
- Cancel all running CI jobs triggered by the user who is just blocked.
- Fix Gitaly SearchBlobs flag RPC injection.
- Only render fixed number of mermaid blocks.
- Prevent GitLab accounts takeover if SAML is configured.
- Upgrade mermaid to prevent XSS.