Update CHANGELOG.md for 13.4.2

[ci skip]
parent 54f5f2d9
......@@ -2,6 +2,26 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 13.4.2 (2020-10-01)
### Security (14 changes)
- Do not store session id in Redis.
- Fix permission checks when updating confidentiality and milestone on issues or merge requests.
- Purge unaccepted member invitations older than 90 days.
- Adds feature flags plan limits.
- Prevent SVG XSS via Web IDE.
- Ensure user has no solo owned groups before triggering account deletion.
- Security fix safe params helper.
- Do not bypass admin mode when authenticated with deploy token.
- Fixes release asset link filepath ReDoS.
- Ensure global ID is of Annotation type in GraphQL destroy mutation.
- Validate that membership expiry dates are not in the past.
- Rate limit adding new email and re-sending email confirmation.
- Fix redaction of confidential Todos.
- Update GitLab Runner Helm Chart to 0.20.2.
## 13.4.1 (2020-09-24)
### Fixed (2 changes)
......
---
title: Do not store session id in Redis
merge_request:
author:
type: security
---
title: Fix permission checks when updating confidentiality and milestone on issues
or merge requests
merge_request:
author:
type: security
---
title: Purge unaccepted member invitations older than 90 days
merge_request:
author:
type: security
---
title: Adds feature flags plan limits
merge_request:
author:
type: security
---
title: Prevent SVG XSS via Web IDE
merge_request:
author:
type: security
---
title: Ensure user has no solo owned groups before triggering account deletion
merge_request:
author:
type: security
---
title: Security fix safe params helper
author:
type: security
---
title: Do not bypass admin mode when authenticated with deploy token
merge_request:
author:
type: security
---
title: Fixes release asset link filepath ReDoS
merge_request:
author:
type: security
---
title: Ensure global ID is of Annotation type in GraphQL destroy mutation
merge_request:
author:
type: security
---
title: Validate that membership expiry dates are not in the past
merge_request:
author:
type: security
---
title: Rate limit adding new email and re-sending email confirmation
merge_request:
author:
type: security
---
title: Fix redaction of confidential Todos
merge_request:
author:
type: security
---
title: Update GitLab Runner Helm Chart to 0.20.2
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment