Update CHANGELOG.md for 13.4.2

[ci skip]

CHANGELOG.md

@@ -2,6 +2,26 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.4.2 (2020-10-01)
+
+### Security (14 changes)
+
+- Do not store session id in Redis.
+- Fix permission checks when updating confidentiality and milestone on issues or merge requests.
+- Purge unaccepted member invitations older than 90 days.
+- Adds feature flags plan limits.
+- Prevent SVG XSS via Web IDE.
+- Ensure user has no solo owned groups before triggering account deletion.
+- Security fix safe params helper.
+- Do not bypass admin mode when authenticated with deploy token.
+- Fixes release asset link filepath ReDoS.
+- Ensure global ID is of Annotation type in GraphQL destroy mutation.
+- Validate that membership expiry dates are not in the past.
+- Rate limit adding new email and re-sending email confirmation.
+- Fix redaction of confidential Todos.
+- Update GitLab Runner Helm Chart to 0.20.2.
+
+
 ## 13.4.1 (2020-09-24)
 
 ### Fixed (2 changes)

changelogs/unreleased/17817-hashed_session_ids_in_redis.yml

----
-title: Do not store session id in Redis
-merge_request:
-author:
-type: security

changelogs/unreleased/195327-update-confidentiality-and-milestone.yml

----
-title: Fix permission checks when updating confidentiality and milestone on issues
-  or merge requests
-merge_request:
-author:
-type: security

changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml

----
-title: Purge unaccepted member invitations older than 90 days
-merge_request:
-author:
-type: security

changelogs/unreleased/feature-flag-plan-limits.yml

----
-title: Adds feature flags plan limits
-merge_request:
-author:
-type: security

changelogs/unreleased/security-44-stored-xss-via-svg-file-preview.yml

----
-title: Prevent SVG XSS via Web IDE
-merge_request:
-author:
-type: security

changelogs/unreleased/security-ensure-prerequisites-are-met-before-account-deletion.yml

----
-title: Ensure user has no solo owned groups before triggering account deletion
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-safe-params-helper.yml

----
-title: Security fix safe params helper
-author:
-type: security

changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml

----
-title: Do not bypass admin mode when authenticated with deploy token
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml

----
-title: Fixes release asset link filepath ReDoS
-merge_request:
-author:
-type: security

changelogs/unreleased/security-insufficient-type-check.yml

----
-title: Ensure global ID is of Annotation type in GraphQL destroy mutation
-merge_request:
-author:
-type: security

changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml

----
-title: Validate that membership expiry dates are not in the past
-merge_request:
-author:
-type: security

changelogs/unreleased/security-rate-limit-email-confirmation.yml

----
-title: Rate limit adding new email and re-sending email confirmation
-merge_request:
-author:
-type: security

changelogs/unreleased/security-todos-redact-guests.yml

----
-title: Fix redaction of confidential Todos
-merge_request:
-author:
-type: security

changelogs/unreleased/security-update-runner-version-13-4-stable.yml

----
-title: Update GitLab Runner Helm Chart to 0.20.2
-merge_request:
-author:
-type: security