Update CHANGELOG.md for 13.1.2

[ci skip]

CHANGELOG.md

@@ -2,6 +2,30 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.1.2 (2020-07-01)
+
+### Security (18 changes)
+
+- Update xterm js dependency to latest stable 3.x version.
+- Do not show activity for users with private profiles.
+- Fix stored XSS in markdown renderer.
+- Upgrade swagger-ui to solve XSS issues.
+- Fix group deploy token API authorizations.
+- Check access when sending TODOs related to merge requests.
+- Change from hybrid to JSON cookies serializer.
+- Prevent XSS in group name validations.
+- Disable caching for wiki attachments.
+- Disable Github Importer API by settings.
+- Fix null byte error in upload path.
+- Update permissions for time tracking endpoints.
+- Add snippet repository validation after bundle import.
+- Update Kaminari gem.
+- Fix note author name rendering.
+- Sanitize bitbucket repo urls to mitigate XSS.
+- Stored XSS on the Error Tracking page.
+- Fix security issue when rendering issuable.
+
+
 ## 13.1.1 (2020-06-23)
 
 ### Fixed (4 changes)

changelogs/unreleased/128-update-xterm.yml

----
-title: Update xterm js dependency to latest stable 3.x version
-merge_request:
-author:
-type: security

changelogs/unreleased/private-profile-api.yml

----
-title: Do not show activity for users with private profiles
-merge_request:
-author:
-type: security

changelogs/unreleased/security-150-xss-reference-redactor.yml

----
-title: Fix stored XSS in markdown renderer
-merge_request:
-author:
-type: security

changelogs/unreleased/security-208685-fix-swagger-ui-xss.yml

----
-title: Upgrade swagger-ui to solve XSS issues
-merge_request:
-author:
-type: security

changelogs/unreleased/security-212469-fix-deploy-token-api.yml

----
-title: Fix group deploy token API authorizations
-merge_request:
-author:
-type: security

changelogs/unreleased/security-215175-filter-merge-participants.yml

----
-title: Check access when sending TODOs related to merge requests
-merge_request:
-author:
-type: security

changelogs/unreleased/security-dblessing-cookie-serializer.yml

----
-title: Change from hybrid to JSON cookies serializer
-merge_request:
-author:
-type: security

changelogs/unreleased/security-dblessing-sanitize-group-names.yml

----
-title: Prevent XSS in group name validations
-merge_request:
-author:
-type: security

changelogs/unreleased/security-disable-caching-for-wiki-attachments.yml

----
-title: Disable caching for wiki attachments
-merge_request:
-author:
-type: security

changelogs/unreleased/security-disable-github-import-api-by-seetings.yml

----
-title: Disable Github Importer API by settings
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-malicious-comment-master.yml

----
-title: Fix null byte error in upload path
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-time-tracking-permissions-api.yml

----
-title: Update permissions for time tracking endpoints
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fj-add-snippet-repository-validation-bundle-import.yml

----
-title: Add snippet repository validation after bundle import
-merge_request:
-author:
-type: security

changelogs/unreleased/security-kaminari-update.yml

----
-title: Update Kaminari gem
-merge_request:
-author:
-type: security

changelogs/unreleased/security-user-name-html.yml

----
-title: Fix note author name rendering
-merge_request:
-author:
-type: security

changelogs/unreleased/security-xss-bitbucket-import.yml

----
-title: Sanitize bitbucket repo urls to mitigate XSS
-merge_request:
-author:
-type: security

changelogs/unreleased/security-xss-error-tracking.yml

----
-title: Stored XSS on the Error Tracking page
-merge_request:
-author:
-type: security

changelogs/unreleased/security-xss-issuables-list.yml

----
-title: Fix security issue when rendering issuable
-merge_request:
-author:
-type: security