...@@ -2,6 +2,21 @@ ...@@ -2,6 +2,21 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
   
## 12.3.7
### Security (9 changes)
- Check permissions before showing a forked project's source.
- Encrypt application setting tokens.
- Update Workhorse and Gitaly to fix a security issue.
- Hide commit counts from guest users in Cycle Analytics.
- Limit potential for DNS rebind SSRF in chat notifications.
- Fix 500 error caused by invalid byte sequences in links.
- Ensure are cleaned by ImportExport::AttributeCleaner.
- Remove notes regarding Related Branches from Issue activity feeds for guest users.
- Escape namespace in label references to prevent XSS.
## 12.3.6 ## 12.3.6
   
### Security (15 changes) ### Security (15 changes)
... ...
......
---
title: Check permissions before showing a forked project's source
merge_request:
author:
type: security
---
title: Encrypt application setting tokens
merge_request:
author:
type: security
---
title: Update Workhorse and Gitaly to fix a security issue
merge_request:
author:
type: security
---
title: Hide commit counts from guest users in Cycle Analytics.
merge_request:
author:
type: security
---
title: Limit potential for DNS rebind SSRF in chat notifications
merge_request:
author:
type: security
---
title: Fix 500 error caused by invalid byte sequences in links
merge_request:
author:
type: security
---
title: Ensure are cleaned by ImportExport::AttributeCleaner
merge_request:
author:
type: security
---
title: Remove notes regarding Related Branches from Issue activity feeds for guest
users
merge_request:
author:
type: security
---
title: Escape namespace in label references to prevent XSS
merge_request:
author:
type: security