Commit db41f081 authored by Mayra Cabrera's avatar Mayra Cabrera

Merge remote-tracking branch 'dev/master'

parents aca1aa63 185f2c89
Please view this file on the master branch, on stable branches it's out of date.
## 13.2.3 (2020-08-05)
- No changes.
## 13.2.2 (2020-07-29)
- No changes.
......@@ -372,6 +376,10 @@ Please view this file on the master branch, on stable branches it's out of date.
- Resolve duplicate use of shorcuts-tree. !36732
## 13.1.6 (2020-08-05)
- No changes.
## 13.1.5 (2020-07-23)
### Fixed (2 changes)
......@@ -553,6 +561,14 @@ Please view this file on the master branch, on stable branches it's out of date.
- Relocate Go models. !34338 (Ethan Reesor (@firelizzard))
## 13.0.12 (2020-08-05)
- No changes.
## 13.0.11 (2020-08-05)
This version has been skipped due to packaging problems.
## 13.0.10 (2020-07-09)
### Fixed (1 change)
......
......@@ -2,6 +2,24 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 13.2.3 (2020-08-05)
### Security (12 changes)
- Update kramdown gem to version 2.3.0.
- Enforce 2FA on Doorkeeper controllers.
- Revoke OAuth grants when a user revokes an application.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.
- Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled.
- Update GitLab Runner Helm Chart to 0.18.2.
## 13.2.2 (2020-07-29)
### Fixed (3 changes)
......@@ -1029,6 +1047,23 @@ entry.
- Remove removeIssue logic from list model. (nuwe1)
## 13.1.6 (2020-08-05)
### Security (11 changes)
- Add decompressed archive size validation on Project/Group Import. !562
- Enforce 2FA on Doorkeeper controllers.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Revoke OAuth grants when a user revokes an application.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.
- Update GitLab Runner Helm Chart to 0.17.2.
## 13.1.5 (2020-07-23)
- No changes.
......@@ -1563,6 +1598,26 @@ entry.
- Remove removeIssue logic from list model. (nuwe1)
## 13.0.12 (2020-08-05)
### Security (10 changes)
- Add decompressed archive size validation on Project/Group Import. !562
- Enforce 2FA on Doorkeeper controllers.
- Refresh project authorizations when transferring groups.
- Stop excess logs from failure to send invite email when group no longer exists.
- Verify confirmed email for OAuth Authorize POST endpoint.
- Revoke OAuth grants when a user revokes an application.
- Fix XSS in Markdown reference tooltips.
- Fix XSS in milestone tooltips.
- Fix xss vulnerability on jobs view.
- Block 40-character hexadecimal branches.
## 13.0.11 (2020-08-05)
This version has been skipped due to packaging problems.
## 13.0.10 (2020-07-09)
### Fixed (1 change)
......
---
title: Update kramdown gem to version 2.3.0
merge_request:
author:
type: security
---
title: Enforce 2FA on Doorkeeper controllers
merge_request:
author:
type: security
---
title: Revoke OAuth grants when a user revokes an application
merge_request:
author:
type: security
---
title: Refresh project authorizations when transferring groups
merge_request:
author:
type: security
---
title: Stop excess logs from failure to send invite email when group no longer exists
merge_request:
author:
type: security
---
title: Verify confirmed email for OAuth Authorize POST endpoint
merge_request:
author:
type: security
---
title: Add decompressed archive size validation on Project/Group Import
merge_request: 562
author:
type: security
---
title: Fix XSS in Markdown reference tooltips
merge_request:
author:
type: security
---
title: Fix XSS in milestone tooltips
merge_request:
author:
type: security
---
title: Fix xss vulnerability on jobs view
merge_request:
author:
type: security
---
title: Block 40-character hexadecimal branches
merge_request:
author:
type: security
---
title: Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment