authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-07-01 13:00:26 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-07-01 13:00:26 +0000
commitbce8c3d7fac804d40dedcbe830b784d67a8b33d3 (patch)
tree56effb026216285bccd88831a5b343679be66650
parent3644e9b388b299f8506b6be7793b493a54cf00b5 (diff)
downloadgitlab-ce-bce8c3d7fac804d40dedcbe830b784d67a8b33d3.tar.gz
Update CHANGELOG.md for 13.1.2
[ci skip]
-rw-r--r--CHANGELOG.md24
-rw-r--r--changelogs/unreleased/128-update-xterm.yml5
-rw-r--r--changelogs/unreleased/private-profile-api.yml5
-rw-r--r--changelogs/unreleased/security-150-xss-reference-redactor.yml5
-rw-r--r--changelogs/unreleased/security-208685-fix-swagger-ui-xss.yml5
-rw-r--r--changelogs/unreleased/security-212469-fix-deploy-token-api.yml5
-rw-r--r--changelogs/unreleased/security-215175-filter-merge-participants.yml5
-rw-r--r--changelogs/unreleased/security-dblessing-cookie-serializer.yml5
-rw-r--r--changelogs/unreleased/security-dblessing-sanitize-group-names.yml5
-rw-r--r--changelogs/unreleased/security-disable-caching-for-wiki-attachments.yml5
-rw-r--r--changelogs/unreleased/security-disable-github-import-api-by-seetings.yml5
-rw-r--r--changelogs/unreleased/security-fix-malicious-comment-master.yml5
-rw-r--r--changelogs/unreleased/security-fix-time-tracking-permissions-api.yml5
-rw-r--r--changelogs/unreleased/security-fj-add-snippet-repository-validation-bundle-import.yml5
-rw-r--r--changelogs/unreleased/security-kaminari-update.yml5
-rw-r--r--changelogs/unreleased/security-user-name-html.yml5
-rw-r--r--changelogs/unreleased/security-xss-bitbucket-import.yml5
-rw-r--r--changelogs/unreleased/security-xss-error-tracking.yml5
-rw-r--r--changelogs/unreleased/security-xss-issuables-list.yml5
19 files changed, 24 insertions, 90 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 94d635c30e0..aa8b386d8b7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,30 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.1.2 (2020-07-01)
+
+### Security (18 changes)
+
+- Update xterm js dependency to latest stable 3.x version.
+- Do not show activity for users with private profiles.
+- Fix stored XSS in markdown renderer.
+- Upgrade swagger-ui to solve XSS issues.
+- Fix group deploy token API authorizations.
+- Check access when sending TODOs related to merge requests.
+- Change from hybrid to JSON cookies serializer.
+- Prevent XSS in group name validations.
+- Disable caching for wiki attachments.
+- Disable Github Importer API by settings.
+- Fix null byte error in upload path.
+- Update permissions for time tracking endpoints.
+- Add snippet repository validation after bundle import.
+- Update Kaminari gem.
+- Fix note author name rendering.
+- Sanitize bitbucket repo urls to mitigate XSS.
+- Stored XSS on the Error Tracking page.
+- Fix security issue when rendering issuable.
+
+
## 13.1.1 (2020-06-23)
### Fixed (4 changes)
diff --git a/changelogs/unreleased/128-update-xterm.yml b/changelogs/unreleased/128-update-xterm.yml
deleted file mode 100644
index e6bb7abfd88..00000000000
--- a/changelogs/unreleased/128-update-xterm.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update xterm js dependency to latest stable 3.x version
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/private-profile-api.yml b/changelogs/unreleased/private-profile-api.yml
deleted file mode 100644
index ce077882860..00000000000
--- a/changelogs/unreleased/private-profile-api.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not show activity for users with private profiles
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-150-xss-reference-redactor.yml b/changelogs/unreleased/security-150-xss-reference-redactor.yml
deleted file mode 100644
index 621acfebd78..00000000000
--- a/changelogs/unreleased/security-150-xss-reference-redactor.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix stored XSS in markdown renderer
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-208685-fix-swagger-ui-xss.yml b/changelogs/unreleased/security-208685-fix-swagger-ui-xss.yml
deleted file mode 100644
index 7dffb185d42..00000000000
--- a/changelogs/unreleased/security-208685-fix-swagger-ui-xss.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade swagger-ui to solve XSS issues
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-212469-fix-deploy-token-api.yml b/changelogs/unreleased/security-212469-fix-deploy-token-api.yml
deleted file mode 100644
index 667ee1b19d0..00000000000
--- a/changelogs/unreleased/security-212469-fix-deploy-token-api.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix group deploy token API authorizations
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-215175-filter-merge-participants.yml b/changelogs/unreleased/security-215175-filter-merge-participants.yml
deleted file mode 100644
index 1baaa17399f..00000000000
--- a/changelogs/unreleased/security-215175-filter-merge-participants.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check access when sending TODOs related to merge requests
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-dblessing-cookie-serializer.yml b/changelogs/unreleased/security-dblessing-cookie-serializer.yml
deleted file mode 100644
index 36ddab25d39..00000000000
--- a/changelogs/unreleased/security-dblessing-cookie-serializer.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Change from hybrid to JSON cookies serializer
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-dblessing-sanitize-group-names.yml b/changelogs/unreleased/security-dblessing-sanitize-group-names.yml
deleted file mode 100644
index 32961c7392e..00000000000
--- a/changelogs/unreleased/security-dblessing-sanitize-group-names.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent XSS in group name validations
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-disable-caching-for-wiki-attachments.yml b/changelogs/unreleased/security-disable-caching-for-wiki-attachments.yml
deleted file mode 100644
index 8e1bececa8d..00000000000
--- a/changelogs/unreleased/security-disable-caching-for-wiki-attachments.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disable caching for wiki attachments
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-disable-github-import-api-by-seetings.yml b/changelogs/unreleased/security-disable-github-import-api-by-seetings.yml
deleted file mode 100644
index 7bf04da16c9..00000000000
--- a/changelogs/unreleased/security-disable-github-import-api-by-seetings.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disable Github Importer API by settings
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-malicious-comment-master.yml b/changelogs/unreleased/security-fix-malicious-comment-master.yml
deleted file mode 100644
index d3825f893d8..00000000000
--- a/changelogs/unreleased/security-fix-malicious-comment-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix null byte error in upload path
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-time-tracking-permissions-api.yml b/changelogs/unreleased/security-fix-time-tracking-permissions-api.yml
deleted file mode 100644
index c49840385cd..00000000000
--- a/changelogs/unreleased/security-fix-time-tracking-permissions-api.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update permissions for time tracking endpoints
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fj-add-snippet-repository-validation-bundle-import.yml b/changelogs/unreleased/security-fj-add-snippet-repository-validation-bundle-import.yml
deleted file mode 100644
index ff2ba0950fd..00000000000
--- a/changelogs/unreleased/security-fj-add-snippet-repository-validation-bundle-import.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add snippet repository validation after bundle import
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-kaminari-update.yml b/changelogs/unreleased/security-kaminari-update.yml
deleted file mode 100644
index 2d28520b52e..00000000000
--- a/changelogs/unreleased/security-kaminari-update.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Kaminari gem
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-user-name-html.yml b/changelogs/unreleased/security-user-name-html.yml
deleted file mode 100644
index a56ae26ee79..00000000000
--- a/changelogs/unreleased/security-user-name-html.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix note author name rendering
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-xss-bitbucket-import.yml b/changelogs/unreleased/security-xss-bitbucket-import.yml
deleted file mode 100644
index 91348d638ee..00000000000
--- a/changelogs/unreleased/security-xss-bitbucket-import.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Sanitize bitbucket repo urls to mitigate XSS
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-xss-error-tracking.yml b/changelogs/unreleased/security-xss-error-tracking.yml
deleted file mode 100644
index 04e5b549cfb..00000000000
--- a/changelogs/unreleased/security-xss-error-tracking.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Stored XSS on the Error Tracking page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-xss-issuables-list.yml b/changelogs/unreleased/security-xss-issuables-list.yml
deleted file mode 100644
index b158bce4577..00000000000
--- a/changelogs/unreleased/security-xss-issuables-list.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix security issue when rendering issuable
-merge_request:
-author:
-type: security