Update CHANGELOG.md for 12.1.7

[ci skip]

CHANGELOG.md

@@ -2,6 +2,33 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.1.7
+
+### Security (21 changes)
+
+- Ensure only authorised users can create notes on Merge Requests and Issues.
+- Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
+- Speed up regexp in namespace format by failing fast after reaching maximum namespace depth.
+- Limit the size of issuable description and comments.
+- Send TODOs for comments on commits correctly.
+- Restrict MergeRequests#test_reports to authenticated users with read-access on Builds.
+- Added image proxy to mitigate potential stealing of IP addresses.
+- Filter out old system notes for epics in notes api endpoint response.
+- Avoid exposing unaccessible repo data upon GFM post processing.
+- Fix HTML injection for label description.
+- Make sure HTML text is always escaped when replacing label/milestone references.
+- Prevent DNS rebind on JIRA service integration.
+- Use admin_group authorization in Groups::RunnersController.
+- Prevent disclosure of merge request ID via email.
+- Show cross-referenced MR-id in issues' activities only to authorized users.
+- Enforce max chars and max render time in markdown math.
+- Check permissions before responding in MergeController#pipeline_status.
+- Remove EXIF from users/personal snippet uploads.
+- Fix project import restricted visibility bypass via API.
+- Fix weak session management by clearing password reset tokens after login (username/email) are updated.
+- Fix SSRF via DNS rebinding in Kubernetes Integration.
+
+
 ## 12.1.6
 
 ### Security (2 changes)

changelogs/unreleased/ce-60465-prevent-comments-on-private-mrs.yml

----
-title: Ensure only authorised users can create notes on Merge Requests and Issues
-type: security

changelogs/unreleased/security-59549-add-capcha-for-failed-logins.yml

----
-title: Add :login_recaptcha_protection_enabled setting to prevent bots from brute-force attacks.
-merge_request:
-author:
-type: security

changelogs/unreleased/security-61974-limit-issue-comment-size-2.yml

----
-title: Speed up regexp in namespace format by failing fast after reaching maximum namespace depth
-merge_request:
-author:
-type: security

changelogs/unreleased/security-61974-limit-issue-comment-size.yml

----
-title: Limit the size of issuable description and comments
-merge_request:
-author:
-type: security

changelogs/unreleased/security-64711-fix-commit-todos.yml

----
-title: Send TODOs for comments on commits correctly
-merge_request:
-author:
-type: security

changelogs/unreleased/security-ci-metrics-permissions.yml

----
-title: Restrict MergeRequests#test_reports to authenticated users with read-access
-  on Builds
-merge_request:
-author:
-type: security

changelogs/unreleased/security-enable-image-proxy.yml

----
-title: Added image proxy to mitigate potential stealing of IP addresses
-merge_request:
-author:
-type: security

changelogs/unreleased/security-epic-notes-api-reveals-historical-info-ce-master.yml

----
-title: Filter out old system notes for epics in notes api endpoint response
-merge_request:
-author:
-type: security

changelogs/unreleased/security-exposed-default-branch.yml

----
-title: Avoid exposing unaccessible repo data upon GFM post processing
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-html-injection-for-label-description-ce-master.yml

----
-title: Fix HTML injection for label description
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-markdown-xss.yml

----
-title: Make sure HTML text is always escaped when replacing label/milestone references.
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix_jira_ssrf_vulnerability.yml

----
-title: Prevent DNS rebind on JIRA service integration
-merge_request:
-author:
-type: security

changelogs/unreleased/security-group-runners-permissions.yml

----
-title: Use admin_group authorization in Groups::RunnersController
-merge_request:
-author:
-type: security

changelogs/unreleased/security-hide_merge_request_ids_on_emails.yml

----
-title: Prevent disclosure of merge request ID via email
-merge_request:
-author:
-type: security

changelogs/unreleased/security-id-filter-timeline-activities-for-guests.yml

----
-title: Show cross-referenced MR-id in issues' activities only to authorized users
-merge_request:
-author:
-type: security

changelogs/unreleased/security-katex-dos-12-1.yml

----
-title: Enforce max chars and max render time in markdown math
-merge_request:
-author:
-type: security

changelogs/unreleased/security-mr-head-pipeline-leak.yml

----
-title: Check permissions before responding in MergeController#pipeline_status
-merge_request:
-author:
-type: security

changelogs/unreleased/security-personal-snippets.yml

----
-title: Remove EXIF from users/personal snippet uploads.
-merge_request:
-author:
-type: security

changelogs/unreleased/security-project-import-bypass.yml

----
-title: Fix project import restricted visibility bypass via API
-merge_request:
-author:
-type: security

changelogs/unreleased/security-sarcila-fix-weak-session-management.yml

----
-title: Fix weak session management by clearing password reset tokens after login (username/email)
-  are updated
-merge_request:
-author:
-type: security

changelogs/unreleased/security-ssrf-kubernetes-dns.yml

----
-title: Fix SSRF via DNS rebinding in Kubernetes Integration
-merge_request:
-author:
-type: security