From c0941f4631fd96fb81577cbd3d85ba5563f438dc Mon Sep 17 00:00:00 2001
From: Joe Chen <jc@unknwon.io>
Date: Tue, 31 May 2022 16:47:13 +0800
Subject: [PATCH] CHANGELOG: cut entries for 0.12.8 (#6992)

[skip ci]
---
 CHANGELOG.md | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3aa82e757..ac522fc03 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,14 +19,9 @@ All notable changes to Gogs are documented in this file.
 - MSSQL as database backend is deprecated, installation page no longer shows it as an option. Existing installations and manually craft configuration file continue to work. [#6295](https://github.com/gogs/gogs/pull/6295)
 - Use [Task](https://github.com/go-task/task) as the build tool. [#6297](https://github.com/gogs/gogs/pull/6297)
 - The required Go version to compile source code changed to 1.16.
-- All users (including admins) need to use the configuration option `[security] LOCAL_NETWORK_ALLOWLIST` to allow repository migration and webhooks to be able to access local network addresses, which is a comma separated list of hostnames. [#6988](https://github.com/gogs/gogs/pull/6988)
 
 ### Fixed
 
-- _Security:_ SSRF in webhook. [#6901](https://github.com/gogs/gogs/issues/6901)
-- _Security:_ XSS in cookies. [#6953](https://github.com/gogs/gogs/issues/6953)
-- _Security:_ OS Command Injection in file uploading. [#6968](https://github.com/gogs/gogs/issues/6968)
-- _Security:_ Remote Command Execution in file editing. [#6555](https://github.com/gogs/gogs/issues/6555)
 - Unable to use LDAP authentication on ARM machines. [#6761](https://github.com/gogs/gogs/issues/6761)
 
 ### Removed
@@ -49,6 +44,19 @@ All notable changes to Gogs are documented in this file.
 - Configuration option `[database] PASSWD` is no longer used, please use `[database] PASSWORD`.
 - Remove option to use Makefile as the build tool. [#6980](https://github.com/gogs/gogs/pull/6980)
 
+## 0.12.8
+
+### Changed
+
+- All users (including admins) need to use the configuration option `[security] LOCAL_NETWORK_ALLOWLIST` to allow repository migration and webhooks to be able to access local network addresses, which is a comma separated list of hostnames. [#6988](https://github.com/gogs/gogs/pull/6988)
+
+### Fixed
+
+- _Security:_ SSRF in webhook. [#6901](https://github.com/gogs/gogs/issues/6901)
+- _Security:_ XSS in cookies. [#6953](https://github.com/gogs/gogs/issues/6953)
+- _Security:_ OS Command Injection in file uploading. [#6968](https://github.com/gogs/gogs/issues/6968)
+- _Security:_ Remote Command Execution in file editing. [#6555](https://github.com/gogs/gogs/issues/6555)
+
 ## 0.12.7
 
 ### Fixed