From 9c4fe65768ccd43baa5bb10d8c2098cac0662562 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> Date: Tue, 26 Nov 2019 17:05:21 +0000 Subject: [PATCH] Update CHANGELOG-EE.md for 12.3.7-ee [ci skip] --- CHANGELOG-EE.md | 12 ++++++++++++ .../security-2940-fix-jira-integration-endpoints.yml | 5 ----- ee/changelogs/unreleased/security-33712.yml | 5 ----- ee/changelogs/unreleased/security-36464-snippet.yml | 5 ----- .../unreleased/security-aws-secret-key-2937.yml | 5 ----- .../security-fix-blocked-user-pull-mirror.yml | 5 ----- .../security-idor-protected-environment-users.yml | 5 ----- 7 files changed, 12 insertions(+), 30 deletions(-) delete mode 100644 ee/changelogs/unreleased/security-2940-fix-jira-integration-endpoints.yml delete mode 100644 ee/changelogs/unreleased/security-33712.yml delete mode 100644 ee/changelogs/unreleased/security-36464-snippet.yml delete mode 100644 ee/changelogs/unreleased/security-aws-secret-key-2937.yml delete mode 100644 ee/changelogs/unreleased/security-fix-blocked-user-pull-mirror.yml delete mode 100644 ee/changelogs/unreleased/security-idor-protected-environment-users.yml diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md index 4fe3eb11b2c9f..b409dc3df4b4a 100644 --- a/CHANGELOG-EE.md +++ b/CHANGELOG-EE.md @@ -236,6 +236,18 @@ Please view this file on the master branch, on stable branches it's out of date. - Docs for protected branch code owner approval API. !17132 +## 12.3.7 + +### Security (6 changes) + +- Protect Jira integration endpoints from guest users. +- Fix private comment Elasticsearch leak on project search scope. +- Filter snippet search results by feature visibility. +- Hide AWS secret on Admin Integration page. +- Fail pull mirror when mirror user is blocked. +- Prevent IDOR when adding users to protected environments. + + ## 12.3.4 ### Fixed (2 changes) diff --git a/ee/changelogs/unreleased/security-2940-fix-jira-integration-endpoints.yml b/ee/changelogs/unreleased/security-2940-fix-jira-integration-endpoints.yml deleted file mode 100644 index 0b3d4204e9931..0000000000000 --- a/ee/changelogs/unreleased/security-2940-fix-jira-integration-endpoints.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Protect Jira integration endpoints from guest users -merge_request: -author: -type: security diff --git a/ee/changelogs/unreleased/security-33712.yml b/ee/changelogs/unreleased/security-33712.yml deleted file mode 100644 index 8f8009d5583b6..0000000000000 --- a/ee/changelogs/unreleased/security-33712.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fix private comment Elasticsearch leak on project search scope -merge_request: -author: -type: security diff --git a/ee/changelogs/unreleased/security-36464-snippet.yml b/ee/changelogs/unreleased/security-36464-snippet.yml deleted file mode 100644 index 2c3ac896b0787..0000000000000 --- a/ee/changelogs/unreleased/security-36464-snippet.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Filter snippet search results by feature visibility -merge_request: -author: -type: security diff --git a/ee/changelogs/unreleased/security-aws-secret-key-2937.yml b/ee/changelogs/unreleased/security-aws-secret-key-2937.yml deleted file mode 100644 index 87d0182273ca6..0000000000000 --- a/ee/changelogs/unreleased/security-aws-secret-key-2937.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Hide AWS secret on Admin Integration page -merge_request: -author: -type: security diff --git a/ee/changelogs/unreleased/security-fix-blocked-user-pull-mirror.yml b/ee/changelogs/unreleased/security-fix-blocked-user-pull-mirror.yml deleted file mode 100644 index a9a5ad5905d7a..0000000000000 --- a/ee/changelogs/unreleased/security-fix-blocked-user-pull-mirror.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Fail pull mirror when mirror user is blocked -merge_request: -author: -type: security diff --git a/ee/changelogs/unreleased/security-idor-protected-environment-users.yml b/ee/changelogs/unreleased/security-idor-protected-environment-users.yml deleted file mode 100644 index a80e5fa2e2b13..0000000000000 --- a/ee/changelogs/unreleased/security-idor-protected-environment-users.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent IDOR when adding users to protected environments -merge_request: -author: -type: security -- GitLab