Commit bce8c3d7 authored Jul 01, 2020 by GitLab Release Tools Bot
Update CHANGELOG.md for 13.1.2
[ci skip]
parent 3644e9b3
Showing 19 changed files with 24 additions and 90 deletions
CHANGELOG.md
View file @
bce8c3d7
...
...
@@ -2,6 +2,30 @@
documentation
](
doc/development/changelog.md
)
for instructions on adding your own
entry.
## 13.1.2 (2020-07-01)
### Security (18 changes)
-
Update xterm js dependency to latest stable 3.x version.
-
Do not show activity for users with private profiles.
-
Fix stored XSS in markdown renderer.
-
Upgrade swagger-ui to solve XSS issues.
-
Fix group deploy token API authorizations.
-
Check access when sending TODOs related to merge requests.
-
Change from hybrid to JSON cookies serializer.
-
Prevent XSS in group name validations.
-
Disable caching for wiki attachments.
-
Disable Github Importer API by settings.
-
Fix null byte error in upload path.
-
Update permissions for time tracking endpoints.
-
Add snippet repository validation after bundle import.
-
Update Kaminari gem.
-
Fix note author name rendering.
-
Sanitize bitbucket repo urls to mitigate XSS.
-
Stored XSS on the Error Tracking page.
-
Fix security issue when rendering issuable.
## 13.1.1 (2020-06-23)
### Fixed (4 changes)
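Review bot: The three dependency entries in the 13.1.2 Security list ("Update xterm js dependency to latest stable 3.x version.", "Upgrade swagger-ui to solve XSS issues.", "Update Kaminari gem.") do not name the version they move to, so an operator reading the changelog cannot check an installed bundle against the fix. Suggest stating the target version in each entry; "latest stable 3.x" in particular stops being meaningful once another 3.x release appears. The section count is consistent: the heading says 18 changes and 18 entries follow.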
...
...
changelogs/unreleased/128-update-xterm.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Update xterm js dependency to latest stable 3.x version
merge_request
:
author
:
type
:
security
changelogs/unreleased/private-profile-api.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Do not show activity for users with private profiles
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-150-xss-reference-redactor.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Fix stored XSS in markdown renderer
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-208685-fix-swagger-ui-xss.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Upgrade swagger-ui to solve XSS issues
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-212469-fix-deploy-token-api.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Fix group deploy token API authorizations
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-215175-filter-merge-participants.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Check access when sending TODOs related to merge requests
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-dblessing-cookie-serializer.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Change from hybrid to JSON cookies serializer
merge_request
:
author
:
type
:
security
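Review bot: The title "Change from hybrid to JSON cookies serializer" names the mechanism but not what it means for a running instance. An administrator applying a security release needs to know whether existing cookies or sessions are affected by the upgrade; suggest saying so in the title, or filling in the merge_request field, which is left empty here, so the entry links back to the explanation.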
changelogs/unreleased/security-dblessing-sanitize-group-names.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Prevent XSS in group name validations
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-disable-caching-for-wiki-attachments.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Disable caching for wiki attachments
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-disable-github-import-api-by-seetings.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Disable Github Importer API by settings
merge_request
:
author
:
type
:
security
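Review bot: The title "Disable Github Importer API by settings" is ambiguous: it can be read as the API being switched off outright or as the API now honouring an existing setting. Suggest wording that says which setting controls the endpoint, and spelling the product name "GitHub". The file name also carries a typo ("seetings"), which makes the entry harder to find by search.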
changelogs/unreleased/security-fix-malicious-comment-master.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Fix
null
byte error in upload path
merge_request
:
author
:
type
:
security
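Review bot: The file name (security-fix-malicious-comment-master) and the title ("Fix null byte error in upload path") describe different things, so this entry cannot be matched to its fix by name. Suggest naming changelog files after the fix they announce; the trailing "-master" looks like a branch suffix and adds nothing for a reader.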
changelogs/unreleased/security-fix-time-tracking-permissions-api.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Update permissions for time tracking endpoints
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fj-add-snippet-repository-validation-bundle-import.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Add snippet repository validation after bundle import
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-kaminari-update.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Update Kaminari gem
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-user-name-html.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Fix note author name rendering
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-xss-bitbucket-import.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Sanitize bitbucket repo urls to mitigate XSS
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-xss-error-tracking.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Stored XSS on the Error Tracking page
merge_request
:
author
:
type
:
security
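Review bot: The title "Stored XSS on the Error Tracking page" describes the vulnerability rather than the change, unlike the neighbouring entries that start with a verb. Suggest "Fix stored XSS on the Error Tracking page" so the published line reads as something that was fixed, not as an open issue.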
changelogs/unreleased/security-xss-issuables-list.yml
deleted
100644 → 0
View file @
3644e9b3
---
title
:
Fix security issue when rendering issuable
merge_request
:
author
:
type
:
security
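Review bot: The title "Fix security issue when rendering issuable" does not say what class of issue was fixed, although the file name (security-xss-issuables-list) indicates XSS in the issuables list. The other XSS entries in this release name both the class and the location; suggest the same here, for example "Fix XSS in issuables list", so the entry is usable for triage.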