Update CHANGELOG.md for 12.8.8

[ci skip]

Update CHANGELOG.md for 12.8.8
[ci skip]
ad9642d6 · GitLab Release Tools Bot · cf65cef7 · ad9642d6 · cf65cef7 · cf65cef7
18 changed file
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,29 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 12.8.8 (2020-03-26)
+
+### Security (17 changes)
+
+- Redact notes in moved confidential issues.
+- Ignore empty remote_id params from Workhorse accelerated uploads.
+- External user can not create personal snippet through API.
+- Prevent malicious entry for group name.
+- Restrict mirroring changes to admins only when mirroring is disabled.
+- Reject all container registry requests from blocked users.
+- Deny localhost requests on fogbugz importer.
+- Change GitHub service integration token input to password.
+- Add permission check for pipeline status of MR.
+- Fix UploadRewriter Path Traversal vulnerability.
+- Block hotlinking to repository archives.
+- Restrict access to project pipeline metrics reports.
+- vulnerability_feedback records should be restricted to a dev role and above.
+- Exclude Carrierwave remote URL methods from import.
+- Update Nokogiri to fix CVE-2020-7595.
+- Prevent updating trigger by other maintainers.
+- Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown.
+
+
 ## 12.8.7 (2020-03-16)

 ### Fixed (1 change, 1 of them is from the community)

--- a/changelogs/unreleased/security-120026-redact-notes-in-moved-confidential-issues.yml
+++ b/changelogs/unreleased/security-120026-redact-notes-in-moved-confidential-issues.yml
---
-title: Redact notes in moved confidential issues
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-193100-ignore-duplicate-multipart-params.yml
+++ b/changelogs/unreleased/security-193100-ignore-duplicate-multipart-params.yml
---
-title: Ignore empty remote_id params from Workhorse accelerated uploads
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-59-prevent-create-api-snippet.yml
+++ b/changelogs/unreleased/security-59-prevent-create-api-snippet.yml
---
-title: External user can not create personal snippet through API
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-backend-xss-admin-email.yml
+++ b/changelogs/unreleased/security-backend-xss-admin-email.yml
---
-title: Prevent malicious entry for group name
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-disable-mirroring-fix.yml
+++ b/changelogs/unreleased/security-disable-mirroring-fix.yml
---
-title: Restrict mirroring changes to admins only when mirroring is disabled
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-docker-blocked-users.yml
+++ b/changelogs/unreleased/security-docker-blocked-users.yml
---
-title: Reject all container registry requests from blocked users
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fogbugz-importer-deny-localhost-requests.yml
+++ b/changelogs/unreleased/security-fogbugz-importer-deny-localhost-requests.yml
---
-title: Deny localhost requests on fogbugz importer
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-mask-gh-service-password.yml
+++ b/changelogs/unreleased/security-mask-gh-service-password.yml
---
-title: Change GitHub service integration token input to password
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-mr-pipeline-status-permission-check.yml
+++ b/changelogs/unreleased/security-mr-pipeline-status-permission-check.yml
---
-title: Add permission check for pipeline status of MR
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-path-traversal-master.yml
+++ b/changelogs/unreleased/security-path-traversal-master.yml
---
-title: Fix UploadRewriter Path Traversal vulnerability
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-repository-archive-hotlinking.yml
+++ b/changelogs/unreleased/security-repository-archive-hotlinking.yml
---
-title: Block hotlinking to repository archives
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-restrict-project-pipeline-metrics.yml
+++ b/changelogs/unreleased/security-restrict-project-pipeline-metrics.yml
---
-title: Restrict access to project pipeline metrics reports
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-rf-vulnerability-metadata-fix.yml
+++ b/changelogs/unreleased/security-rf-vulnerability-metadata-fix.yml
---
-title: vulnerability_feedback records should be restricted to a dev role and above
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-ssrf-attachment-url.yml
+++ b/changelogs/unreleased/security-ssrf-attachment-url.yml
---
-title: Exclude Carrierwave remote URL methods from import
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-update-nokogiri-cve-2020-7595.yml
+++ b/changelogs/unreleased/security-update-nokogiri-cve-2020-7595.yml
---
-title: Update Nokogiri to fix CVE-2020-7595
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-updating-description-of-trigger-by-other-maintainer.yml
+++ b/changelogs/unreleased/security-updating-description-of-trigger-by-other-maintainer.yml
---
-title: Prevent updating trigger by other maintainers
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-xss-vulnerability-in-admin-send-email-notification.yml
+++ b/changelogs/unreleased/security-xss-vulnerability-in-admin-send-email-notification.yml
---
-title: Fix XSS vulnerability in `admin/email` "Recipient Group" dropdown
-merge_request:
-author:
-type: security