Update CHANGELOG.md for 12.9.8

[ci skip]
carlos-wong · May 27, 2020 · a06a67f · a06a67f
1 parent b4f4e4e
commit a06a67f
Show file tree

Hide file tree

Showing 14 changed files with 19 additions and 65 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,25 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.9.8 (2020-05-27)
+
+### Security (13 changes)
+
+- Hide EKS secret key in admin integrations settings.
+- Added data integrity check before updating a deploy key.
+- Display only verified emails on notifications and profile page.
+- Disable caching on repo/blobs/[sha]/raw endpoint.
+- Require confirmed email address for GitLab OAuth authentication.
+- Kubernetes cluster details page no longer exposes Service Token.
+- Fix confirming unverified emails with soft email confirmation flow enabled.
+- Disallow user to control PUT request using mermaid markdown in issue description.
+- Check forked project permissions before allowing fork.
+- Limit memory footprint of a command that generates ZIP artifacts metadata.
+- Fix file enuming using Group Import.
+- Prevent XSS in the monitoring dashboard.
+- Use `gsub` instead of the Ruby `%` operator to perform variable substitution in Prometheus proxy API.
+
+
 ## 12.9.7 (2020-05-13)
 
 ### Added (1 change)

diff --git a/changelogs/unreleased/security-132-remove-eks-details-from-admin-form.yml b/changelogs/unreleased/security-132-remove-eks-details-from-admin-form.yml
diff --git a/changelogs/unreleased/security-208449-fix-deploy-key-can-push.yml b/changelogs/unreleased/security-208449-fix-deploy-key-can-push.yml
diff --git a/changelogs/unreleased/security-25994-unverified-email-mitigation.yml b/changelogs/unreleased/security-25994-unverified-email-mitigation.yml
diff --git a/changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml b/changelogs/unreleased/security-99-disable-caching-on-api-repo-blobs-raw.yml
diff --git a/changelogs/unreleased/security-dblessing-oauth-email-verification.yml b/changelogs/unreleased/security-dblessing-oauth-email-verification.yml
diff --git a/changelogs/unreleased/security-do-not-expose-kubernetes-token.yml b/changelogs/unreleased/security-do-not-expose-kubernetes-token.yml
diff --git a/changelogs/unreleased/security-fix-email-confirmation-bug.yml b/changelogs/unreleased/security-fix-email-confirmation-bug.yml
diff --git a/changelogs/unreleased/security-fix-mermaid-issue.yml b/changelogs/unreleased/security-fix-mermaid-issue.yml
diff --git a/changelogs/unreleased/security-forked-from.yml b/changelogs/unreleased/security-forked-from.yml
diff --git a/changelogs/unreleased/security-gb-fix-workhorse-zip-metadata-resources.yml b/changelogs/unreleased/security-gb-fix-workhorse-zip-metadata-resources.yml
diff --git a/changelogs/unreleased/security-group-import-file-enuming.yml b/changelogs/unreleased/security-group-import-file-enuming.yml
diff --git a/changelogs/unreleased/security-jivanvl-prevent-xss-duplicate-dashboard-modal.yml b/changelogs/unreleased/security-jivanvl-prevent-xss-duplicate-dashboard-modal.yml
diff --git a/changelogs/unreleased/security-use-gsub-variable-substitution.yml b/changelogs/unreleased/security-use-gsub-variable-substitution.yml