Skip to content

G
gitlab-ce
Commit 18eb5628 authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot
Browse files
Options

Update CHANGELOG.md for 13.3.3 

[ci skip]
parent 6c324ce4
Hide whitespace changes
Inline Side-by-side
Showing with 29 additions and 117 deletions
CHANGELOG.md
View file @ 18eb5628
......@@ -2,6 +2,35 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 13.3.3 (2020-09-02)
### Security (23 changes, 1 of them is from the community)
- Check validity of project's import_url before mirroring repository.
- Show on two-factor authentication setup page groups that are the cause of this requirement.
- Prevent interrupted 2FA sign-in from signing-in incorrect user.
- Create new 2FA code each time user is entering 2FA setup page.
- Remove all sessions but current while enabling 2FA.
- Invalidate two factor sign-in when user password changes.
- Delete members invites created by users being deleted.
- Prevent OmniAuth from rendering arbitrary error messages.
- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
- Invalidate remember me when an active session is revoked.
- Add rate limit on webhooks testing feature.
- Add scope presence validation to OAuth Application creation.
- Allow only running job tokens for API authentication.
- Prevent Deploy Tokens to read project resources when repository is disabled.
- Change conan api to use proper workhorse validation.
- Ensure global ID is of Snippet type in GraphQL destroy mutation.
- Fix Improper Access Control on Deploy-Key.
- Set maximum limit for profile events.
- Persist EKS External ID before presenting it to the user.
- Prevent project maintainers from editing group badges.
- Upgrade jquery to v3.5.
- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
- Update GitLab Runner Helm Chart to 0.19.3.
## 13.3.2 (2020-08-28)
### Removed (1 change)
......
changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Check validity of project's import_url before mirroring repository
merge_request:
author:
type: security
changelogs/unreleased/security-199-show-actual-group.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Show on two-factor authentication setup page groups that are the cause of this
requirement
merge_request:
author:
type: security
changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Prevent interrupted 2FA sign-in from signing-in incorrect user
merge_request:
author:
type: security
changelogs/unreleased/security-212-regenerate-2fa-app-code.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Create new 2FA code each time user is entering 2FA setup page
merge_request:
author:
type: security
changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Remove all sessions but current while enabling 2FA
merge_request:
author:
type: security
changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Invalidate two factor sign-in when user password changes
merge_request:
author:
type: security
changelogs/unreleased/security-216-access-to-private-projects.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Delete members invites created by users being deleted
merge_request:
author:
type: security
changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Prevent OmniAuth from rendering arbitrary error messages
merge_request:
author:
type: security
changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Prevent not-2fa authenticated users that are supposed to use it to consume
api via session
merge_request:
author:
type: security
changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Invalidate remember me when an active session is revoked
merge_request:
author:
type: security
changelogs/unreleased/security-223-webhook-dos-attack.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Add rate limit on webhooks testing feature
merge_request:
author:
type: security
changelogs/unreleased/security-add-presence-validation-oauth-apps.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Add scope presence validation to OAuth Application creation
merge_request:
author:
type: security
changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Allow only running job tokens for API authentication
merge_request:
author:
type: security
changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Prevent Deploy Tokens to read project resources when repository is disabled
merge_request:
author:
type: security
changelogs/unreleased/security-fix-conan-workhorse-params.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Change conan api to use proper workhorse validation
merge_request:
author:
type: security
changelogs/unreleased/security-graphql-type-check.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Ensure global ID is of Snippet type in GraphQL destroy mutation
merge_request:
author:
type: security
changelogs/unreleased/security-improper-access-control-on-deploy-key.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Fix Improper Access Control on Deploy-Key
merge_request:
author:
type: security
changelogs/unreleased/security-pb-limit-profile-events.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Set maximum limit for profile events
merge_request:
author:
type: security
changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Persist EKS External ID before presenting it to the user
merge_request:
author:
type: security
changelogs/unreleased/security-projectmaintainer-edit-badges.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Prevent project maintainers from editing group badges
merge_request:
author:
type: security
changelogs/unreleased/security-upgrade-jquery-3-5.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Upgrade jquery to v3.5
merge_request:
author:
type: security
changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Update websocket-extensions gem to 0.1.5
merge_request:
author: Vitor Meireles De Sousa
type: security
changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-19-3.yml deleted 100644 → 0
View file @ 6c324ce4
---
title: Update GitLab Runner Helm Chart to 0.19.3
merge_request:
author:
type: security
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7