Commit 5150dc27 authored Oct 01, 2020 by GitLab Release Tools Bot
Update CHANGELOG.md for 13.4.2
[ci skip]
parent 54f5f2d9
Showing 15 changed files with 20 additions and 70 deletions
CHANGELOG.md +20 -0
changelogs/unreleased/17817-hashed_session_ids_in_redis.yml +0 -5
changelogs/unreleased/195327-update-confidentiality-and-milestone.yml +0 -6
changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml +0 -5
changelogs/unreleased/feature-flag-plan-limits.yml +0 -5
changelogs/unreleased/security-44-stored-xss-via-svg-file-preview.yml +0 -5
changelogs/unreleased/security-ensure-prerequisites-are-met-before-account-deletion.yml +0 -5
changelogs/unreleased/security-fix-safe-params-helper.yml +0 -4
changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml +0 -5
changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml +0 -5
changelogs/unreleased/security-insufficient-type-check.yml +0 -5
changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml +0 -5
changelogs/unreleased/security-rate-limit-email-confirmation.yml +0 -5
changelogs/unreleased/security-todos-redact-guests.yml +0 -5
changelogs/unreleased/security-update-runner-version-13-4-stable.yml +0 -5
CHANGELOG.md
View file @
5150dc27
...
...
@@ -2,6 +2,26 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 13.4.2 (2020-10-01)
### Security (14 changes)
-
Do not store session id in Redis.
-
Fix permission checks when updating confidentiality and milestone on issues or merge requests.
-
Purge unaccepted member invitations older than 90 days.
-
Adds feature flags plan limits.
-
Prevent SVG XSS via Web IDE.
-
Ensure user has no solo owned groups before triggering account deletion.
-
Security fix safe params helper.
-
Do not bypass admin mode when authenticated with deploy token.
-
Fixes release asset link filepath ReDoS.
-
Ensure global ID is of Annotation type in GraphQL destroy mutation.
-
Validate that membership expiry dates are not in the past.
-
Rate limit adding new email and re-sending email confirmation.
-
Fix redaction of confidential Todos.
-
Update GitLab Runner Helm Chart to 0.20.2.
## 13.4.1 (2020-09-24)
### Fixed (2 changes)
...
...
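Review bot: the "Security fix safe params helper." line in the 13.4.2 Security list does not say what behaviour changed, so an operator reading the release notes cannot tell what the fix affects or how urgently to upgrade; reword it to name the behaviour the helper now enforces, the way neighbouring entries such as "Do not bypass admin mode when authenticated with deploy token." do. "Adds feature flags plan limits." also breaks the imperative form used by the other entries ("Fix ...", "Prevent ...", "Ensure ..."); "Add feature flags plan limits." would match. The heading count of 14 agrees with the 14 bullets listed.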
changelogs/unreleased/17817-hashed_session_ids_in_redis.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Do not store session id in Redis
merge_request
:
author
:
type
:
security
changelogs/unreleased/195327-update-confidentiality-and-milestone.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Fix permission checks when updating confidentiality and milestone on issues
or merge requests
merge_request
:
author
:
type
:
security
changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Purge unaccepted member invitations older than 90 days
merge_request
:
author
:
type
:
security
changelogs/unreleased/feature-flag-plan-limits.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Adds feature flags plan limits
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-44-stored-xss-via-svg-file-preview.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Prevent SVG XSS via Web IDE
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-ensure-prerequisites-are-met-before-account-deletion.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Ensure user has no solo owned groups before triggering account deletion
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-safe-params-helper.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Security fix safe params helper
author
:
type
:
security
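Review bot: this removed entry has no `merge_request:` key at all (title, author and type only), while every other changelog file deleted in this commit carries the key, left empty. If the changelog tooling treats a missing key differently from an empty one, this entry is the one that would diverge; it would be worth having the step that creates entries under changelogs/unreleased/ enforce a fixed key set so security entries stay uniform.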
changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Do not bypass admin mode when authenticated with deploy token
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Fixes release asset link filepath ReDoS
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-insufficient-type-check.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Ensure global ID is of Annotation type in GraphQL destroy mutation
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Validate that membership expiry dates are not in the past
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-rate-limit-email-confirmation.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Rate limit adding new email and re-sending email confirmation
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-todos-redact-guests.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Fix redaction of confidential Todos
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-update-runner-version-13-4-stable.yml
deleted
100644 → 0
View file @
54f5f2d9
---
title
:
Update GitLab Runner Helm Chart to 0.20.2
merge_request
:
author
:
type
:
security