Update CHANGELOG.md for 13.1.2

[ci skip]
parent 3644e9b3
......@@ -2,6 +2,30 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 13.1.2 (2020-07-01)
### Security (18 changes)
- Update xterm js dependency to latest stable 3.x version.
- Do not show activity for users with private profiles.
- Fix stored XSS in markdown renderer.
- Upgrade swagger-ui to solve XSS issues.
- Fix group deploy token API authorizations.
- Check access when sending TODOs related to merge requests.
- Change from hybrid to JSON cookies serializer.
- Prevent XSS in group name validations.
- Disable caching for wiki attachments.
- Disable Github Importer API by settings.
- Fix null byte error in upload path.
- Update permissions for time tracking endpoints.
- Add snippet repository validation after bundle import.
- Update Kaminari gem.
- Fix note author name rendering.
- Sanitize bitbucket repo urls to mitigate XSS.
- Stored XSS on the Error Tracking page.
- Fix security issue when rendering issuable.
## 13.1.1 (2020-06-23)
### Fixed (4 changes)
......
---
title: Update xterm js dependency to latest stable 3.x version
merge_request:
author:
type: security
---
title: Do not show activity for users with private profiles
merge_request:
author:
type: security
---
title: Fix stored XSS in markdown renderer
merge_request:
author:
type: security
---
title: Upgrade swagger-ui to solve XSS issues
merge_request:
author:
type: security
---
title: Fix group deploy token API authorizations
merge_request:
author:
type: security
---
title: Check access when sending TODOs related to merge requests
merge_request:
author:
type: security
---
title: Change from hybrid to JSON cookies serializer
merge_request:
author:
type: security
---
title: Prevent XSS in group name validations
merge_request:
author:
type: security
---
title: Disable caching for wiki attachments
merge_request:
author:
type: security
---
title: Disable Github Importer API by settings
merge_request:
author:
type: security
---
title: Fix null byte error in upload path
merge_request:
author:
type: security
---
title: Update permissions for time tracking endpoints
merge_request:
author:
type: security
---
title: Add snippet repository validation after bundle import
merge_request:
author:
type: security
---
title: Update Kaminari gem
merge_request:
author:
type: security
---
title: Fix note author name rendering
merge_request:
author:
type: security
---
title: Sanitize bitbucket repo urls to mitigate XSS
merge_request:
author:
type: security
---
title: Stored XSS on the Error Tracking page
merge_request:
author:
type: security
---
title: Fix security issue when rendering issuable
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment