GitLab v12.1.12 Release Notes

Release Date: 2019-09-26
  • Security (12 changes)

    • Add a policy check for system notes that may not be visible due to cross references to private items.
    • Display only participants that user has permission to see on milestone page.
    • Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
    • Check permissions before showing head pipeline blocking merge requests.
    • Fix new project path being disclosed through unsubscribe link of issue/merge requests.
    • Prevent bypassing email verification using Salesforce.
    • Do not show resource label events referencing not accessible labels.
    • Cancel all running CI jobs triggered by the user who is just blocked.
    • Fix Gitaly SearchBlobs flag RPC injection.
    • Only render fixed number of mermaid blocks.
    • Prevent GitLab accounts takeover if SAML is configured.
    • Upgrade mermaid to prevent XSS.