Commit 15e305ed authored by GitLab Bot

Add latest changes from gitlab-org/security/gitlab@13-7-stable-ee

parent d4d523a5
...@@ -2,6 +2,19 @@ ...@@ -2,6 +2,19 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 13.7.2 (2021-01-07)
### Security (7 changes)
- Forbid public cache for private repos.
- Deny implicit flow for confidential apps.
- Update NuGet regular expression to protect against ReDoS.
- Fix regular expression backtracking issue in package name validation.
- Fix stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages.
- Update trusted OAuth applications to set them as confidential.
- Upgrade Workhorse to 8.58.2.
## 13.7.1 (2020-12-23) ## 13.7.1 (2020-12-23)
### Fixed (1 change) ### Fixed (1 change)
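Review bot: The 13.7.2 Security entry "Fix stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages" packs two distinct impacts (token theft and a Prometheus denial of service) into one line. Splitting it into two entries would let operators assess each one separately. In the same list, "Upgrade Workhorse to 8.58.2" gives no reason for the upgrade even though it is filed under Security, so a short statement of what the new Workhorse version addresses would help readers judge urgency.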
......
13.7.1 13.7.2
\ No newline at end of file \ No newline at end of file
---
title: Forbid public cache for private repos
merge_request:
author:
type: security
---
title: Deny implicit flow for confidential apps
merge_request:
author:
type: security
---
title: Update NuGet regular expression to protect against ReDoS
merge_request:
author:
type: security
---
title: Fix regular expression backtracking issue in package name validation
merge_request:
author:
type: security
---
title: Fix stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages
merge_request:
author:
type: security
---
title: Update trusted OAuth applications to set them as confidential
merge_request:
author:
type: security
---
title: Upgrade Workhorse to 8.58.2
merge_request:
author:
type: security
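Review bot: `merge_request:` and `author:` are empty in all seven of these `type: security` entries, so none of the changelog lines can be traced from this commit to the change that implemented it. If the references are being withheld on purpose, backfilling them in a follow-up would keep the changelog auditable.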