Commits on Mar 5, 2020

1. gitlab: 12.8.1 -> 12.8.2 (#81803) …

   Includes multiple security fixes mentioned in
   https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
   (unfortunately, no CVE numbers as of yet)
   
    - Directory Traversal to Arbitrary File Read
    - Account Takeover Through Expired Link
    - Server Side Request Forgery Through Deprecated Service
    - Group Two-Factor Authentication Requirement Bypass
    - Stored XSS in Merge Request Pages
    - Stored XSS in Merge Request Submission Form
    - Stored XSS in File View
    - Stored XSS in Grafana Integration
    - Contribution Analytics Exposed to Non-members
    - Incorrect Access Control in Docker Registry via Deploy Tokens
    - Denial of Service via Permission Checks
    - Denial of Service in Design For Public Issue
    - GitHub Tokens Displayed in Plaintext on Integrations Page
    - Incorrect Access Control via LFS Import
    - Unescaped HTML in Header
    - Private Merge Request Titles Leaked via Widget
    - Project Namespace Exposed via Vulnerability Feedback Endpoint
    - Denial of Service Through Recursive Requests
    - Project Authorization Not Being Updated
    - Incorrect Permission Level For Group Invites
    - Disclosure of Private Group Epic Information
    - User IP Address Exposed via Badge images
    - Update postgresql (GitLab Omnibus)
   
   (cherry-picked from commit c25756f)

   Milan committed Mar 5, 2020
   Copy the full SHA

   c174670 View commit details

   Browse the repository at this point in the history