Add latest changes from gitlab-org/security/gitlab@13-10-stable-ee

c9392760 · GitLab Bot · 15f38fbe · c9392760 · c9392760 · 15f38fbe
Commit c9392760 authored Mar 31, 2021 by GitLab Bot
12 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,28 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 13.10.1 (2021-03-31)
+
+### Security (6 changes)
+
+- Leave pool repository on fork unlinking.
+- Fixed XSS in merge requests sidebar.
+- Fix arbitrary read/write in AsciiDoctor and Kroki gems.
+- Prevent infinite loop when checking if collaboration is allowed.
+- Disable arbitrary URI and file reads in JSON validator.
+- Require POST request to trigger system hooks.
+
+### Removed (1 change)
+
+- Make HipChat project service do nothing. !57434
+
+### Other (3 changes)
+
+- Remove direct mimemagic dependency. !57387
+- Refactor MimeMagic calls to new MimeType class. !57421
+- Switch to using a fake mimemagic gem. !57443
+
+
 ## 13.10.0 (2021-03-22)

 ### Security (3 changes)

--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
-13.10.0
\ No newline at end of file
+13.10.1
\ No newline at end of file
--- a/changelogs/unreleased/mimemagic_shim.yml
+++ b/changelogs/unreleased/mimemagic_shim.yml
---
-title: Switch to using a fake mimemagic gem
-merge_request: 57443
-author:
-type: other
--- a/changelogs/unreleased/remove-direct-mimemagic-dependency-minimal.yml
+++ b/changelogs/unreleased/remove-direct-mimemagic-dependency-minimal.yml
---
-title: Refactor MimeMagic calls to new MimeType class
-merge_request: 57421
-author:
-type: other
--- a/changelogs/unreleased/remove-direct-mimemagic-dependency.yml
+++ b/changelogs/unreleased/remove-direct-mimemagic-dependency.yml
---
-title: Remove direct mimemagic dependency
-merge_request: 57387
-author:
-type: other
--- a/changelogs/unreleased/remove_hipchat_gem.yml
+++ b/changelogs/unreleased/remove_hipchat_gem.yml
---
-title: Make HipChat project service do nothing
-merge_request: 57434
-author:
-type: removed
--- a/changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml
+++ b/changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml
---
-title: Fixed XSS in merge requests sidebar
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-id-leave-pool-for-private-forks.yml
+++ b/changelogs/unreleased/security-id-leave-pool-for-private-forks.yml
---
-title: Leave pool repository on fork unlinking
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml
+++ b/changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml
---
-title: Fix arbitrary read/write in AsciiDoctor and Kroki gems
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-projects-branch-collaboration-loop.yml
+++ b/changelogs/unreleased/security-projects-branch-collaboration-loop.yml
---
-title: Prevent infinite loop when checking if collaboration is allowed
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml
+++ b/changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml
---
-title: Disable arbitrary URI and file reads in JSON validator
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-trigger-system-hook-by-post.yml
+++ b/changelogs/unreleased/security-trigger-system-hook-by-post.yml
---
-title: Require POST request to trigger system hooks
-merge_request:
-author:
-type: security