Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
## 12.4.5
- No changes.
## 12.4.4
### Security (6 changes)
- Protect Jira integration endpoints from guest users.
- Fix private comment Elasticsearch leak on project search scope.
- Filter snippet search results by feature visibility.
- Hide AWS secret on Admin Integration page.
- Fail pull mirror when mirror user is blocked.
- Prevent IDOR when adding users to protected environments.
## 12.4.3 ## 12.4.3
### Fixed (2 changes) ### Fixed (2 changes)
... ...
......
...@@ -8,17 +8,20 @@ entry. ...@@ -8,17 +8,20 @@ entry.
   
## 12.4.4 ## 12.4.4
   
### Security (9 changes) ### Security (12 changes)
   
- Check permissions before showing a forked project's source. - Do not create todos for approvers without access. !1442
- Limit potential for DNS rebind SSRF in chat notifications.
- Encrypt application setting tokens. - Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue. - Update Workhorse and Gitaly to fix a security issue.
- Add maven file_name regex validation on incoming files.
- Hide commit counts from guest users in Cycle Analytics. - Hide commit counts from guest users in Cycle Analytics.
- Limit potential for DNS rebind SSRF in chat notifications. - Check permissions before showing a forked project's source.
- Fix 500 error caused by invalid byte sequences in links. - Fix 500 error caused by invalid byte sequences in links.
- Ensure are cleaned by ImportExport::AttributeCleaner. - Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users. - Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS. - Escape namespace in label references to prevent XSS.
- Add authorization to using filter vulnerable in Dependency List.
   
   
## 12.4.3 ## 12.4.3
... ...
......
12.4.5 12.4.5-ee
...@@ -701,6 +701,9 @@ msgstr "" ...@@ -701,6 +701,9 @@ msgstr ""
msgid "API Token" msgid "API Token"
msgstr "" msgstr ""
msgid "AWS Secret Access Key"
msgstr ""
msgid "Abort" msgid "Abort"
msgstr "" msgstr ""
...@@ -6129,6 +6132,9 @@ msgstr "" ...@@ -6129,6 +6132,9 @@ msgstr ""
msgid "Enter merge request URLs" msgid "Enter merge request URLs"
msgstr "" msgstr ""
msgid "Enter new AWS Secret Access Key"
msgstr ""
msgid "Enter the issue description" msgid "Enter the issue description"
msgstr "" msgstr ""
... ...
......
...@@ -7,8 +7,9 @@ describe 'Group Badges' do ...@@ -7,8 +7,9 @@ describe 'Group Badges' do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:group) { create(:group) } let(:group) { create(:group) }
let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'} let(:project) { create(:project, namespace: group) }
let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'} let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
let!(:badge_1) { create(:group_badge, group: group) } let!(:badge_1) { create(:group_badge, group: group) }
let!(:badge_2) { create(:group_badge, group: group) } let!(:badge_2) { create(:group_badge, group: group) }
... ...
......
...@@ -8,8 +8,8 @@ describe 'Project Badges' do ...@@ -8,8 +8,8 @@ describe 'Project Badges' do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:group) { create(:group) } let(:group) { create(:group) }
let(:project) { create(:project, namespace: group) } let(:project) { create(:project, namespace: group) }
let(:badge_link_url) { 'https://gitlab.com/gitlab-org/gitlab/commits/master'} let(:badge_link_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/commits/master" }
let(:badge_image_url) { 'https://gitlab.com/gitlab-org/gitlab/badges/master/build.svg'} let(:badge_image_url) { "http://#{page.server.host}:#{page.server.port}/#{project.full_path}/badges/master/pipeline.svg" }
let!(:project_badge) { create(:project_badge, project: project) } let!(:project_badge) { create(:project_badge, project: project) }
let!(:group_badge) { create(:group_badge, group: group) } let!(:group_badge) { create(:group_badge, group: group) }
... ...
......