summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-09-02 09:25:10 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-09-02 09:25:10 +0000
commit18eb5628fc84473bb12c40530eaa0c16a2d9d652 (patch)
treec6e7f80d2e107fc709301d712d602da0a355f017
parent6c324ce4e5f180a14f7398486cc5d5383bb62f3f (diff)
downloadgitlab-ce-18eb5628fc84473bb12c40530eaa0c16a2d9d652.tar.gz
Update CHANGELOG.md for 13.3.3
[ci skip]
-rw-r--r--CHANGELOG.md29
-rw-r--r--changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml5
-rw-r--r--changelogs/unreleased/security-199-show-actual-group.yml6
-rw-r--r--changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml5
-rw-r--r--changelogs/unreleased/security-212-regenerate-2fa-app-code.yml5
-rw-r--r--changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml5
-rw-r--r--changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml5
-rw-r--r--changelogs/unreleased/security-216-access-to-private-projects.yml5
-rw-r--r--changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml5
-rw-r--r--changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml6
-rw-r--r--changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml5
-rw-r--r--changelogs/unreleased/security-223-webhook-dos-attack.yml5
-rw-r--r--changelogs/unreleased/security-add-presence-validation-oauth-apps.yml5
-rw-r--r--changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml5
-rw-r--r--changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml5
-rw-r--r--changelogs/unreleased/security-fix-conan-workhorse-params.yml5
-rw-r--r--changelogs/unreleased/security-graphql-type-check.yml5
-rw-r--r--changelogs/unreleased/security-improper-access-control-on-deploy-key.yml5
-rw-r--r--changelogs/unreleased/security-pb-limit-profile-events.yml5
-rw-r--r--changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml5
-rw-r--r--changelogs/unreleased/security-projectmaintainer-edit-badges.yml5
-rw-r--r--changelogs/unreleased/security-upgrade-jquery-3-5.yml5
-rw-r--r--changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml5
-rw-r--r--changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-19-3.yml5
24 files changed, 29 insertions, 117 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 60e1d7820da..89c328b93d3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,35 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.3.3 (2020-09-02)
+
+### Security (23 changes, 1 of them is from the community)
+
+- Check validity of project's import_url before mirroring repository.
+- Show on two-factor authentication setup page groups that are the cause of this requirement.
+- Prevent interrupted 2FA sign-in from signing-in incorrect user.
+- Create new 2FA code each time user is entering 2FA setup page.
+- Remove all sessions but current while enabling 2FA.
+- Invalidate two factor sign-in when user password changes.
+- Delete members invites created by users being deleted.
+- Prevent OmniAuth from rendering arbitrary error messages.
+- Prevent not-2fa authenticated users that are supposed to use it to consume api via session.
+- Invalidate remember me when an active session is revoked.
+- Add rate limit on webhooks testing feature.
+- Add scope presence validation to OAuth Application creation.
+- Allow only running job tokens for API authentication.
+- Prevent Deploy Tokens to read project resources when repository is disabled.
+- Change conan api to use proper workhorse validation.
+- Ensure global ID is of Snippet type in GraphQL destroy mutation.
+- Fix Improper Access Control on Deploy-Key.
+- Set maximum limit for profile events.
+- Persist EKS External ID before presenting it to the user.
+- Prevent project maintainers from editing group badges.
+- Upgrade jquery to v3.5.
+- Update websocket-extensions gem to 0.1.5. (Vitor Meireles De Sousa)
+- Update GitLab Runner Helm Chart to 0.19.3.
+
+
## 13.3.2 (2020-08-28)
### Removed (1 change)
diff --git a/changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml b/changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml
deleted file mode 100644
index 0117d6a3ccf..00000000000
--- a/changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check validity of project's import_url before mirroring repository
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-199-show-actual-group.yml b/changelogs/unreleased/security-199-show-actual-group.yml
deleted file mode 100644
index 91f5e4dea01..00000000000
--- a/changelogs/unreleased/security-199-show-actual-group.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Show on two-factor authentication setup page groups that are the cause of this
- requirement
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml b/changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml
deleted file mode 100644
index 8fe0892f39b..00000000000
--- a/changelogs/unreleased/security-209-dblessing-prevent-stale-otp-user-id.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent interrupted 2FA sign-in from signing-in incorrect user
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-212-regenerate-2fa-app-code.yml b/changelogs/unreleased/security-212-regenerate-2fa-app-code.yml
deleted file mode 100644
index c07dcb168f0..00000000000
--- a/changelogs/unreleased/security-212-regenerate-2fa-app-code.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Create new 2FA code each time user is entering 2FA setup page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml b/changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml
deleted file mode 100644
index c690af01c6a..00000000000
--- a/changelogs/unreleased/security-213-delete-other-sessions-when-activating-2fa.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove all sessions but current while enabling 2FA
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml b/changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml
deleted file mode 100644
index f8549721588..00000000000
--- a/changelogs/unreleased/security-214-dblessing-revoke-session-on-pw-change.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Invalidate two factor sign-in when user password changes
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-216-access-to-private-projects.yml b/changelogs/unreleased/security-216-access-to-private-projects.yml
deleted file mode 100644
index bc54586fad3..00000000000
--- a/changelogs/unreleased/security-216-access-to-private-projects.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Delete members invites created by users being deleted
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml b/changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml
deleted file mode 100644
index 1262ae4f836..00000000000
--- a/changelogs/unreleased/security-217-dblessing-safe-omniauth-errors.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent OmniAuth from rendering arbitrary error messages
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml b/changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml
deleted file mode 100644
index 7f79c5fc412..00000000000
--- a/changelogs/unreleased/security-218-prevent-2fa-bypass-using-api.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Prevent not-2fa authenticated users that are supposed to use it to consume
- api via session
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml b/changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml
deleted file mode 100644
index 830002a19d7..00000000000
--- a/changelogs/unreleased/security-220-dblessing-revoke-remember-me-on-session-revocation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Invalidate remember me when an active session is revoked
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-223-webhook-dos-attack.yml b/changelogs/unreleased/security-223-webhook-dos-attack.yml
deleted file mode 100644
index ef1ab2c2415..00000000000
--- a/changelogs/unreleased/security-223-webhook-dos-attack.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add rate limit on webhooks testing feature
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-add-presence-validation-oauth-apps.yml b/changelogs/unreleased/security-add-presence-validation-oauth-apps.yml
deleted file mode 100644
index 01f6a825679..00000000000
--- a/changelogs/unreleased/security-add-presence-validation-oauth-apps.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add scope presence validation to OAuth Application creation
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml b/changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml
deleted file mode 100644
index febfcd7fc13..00000000000
--- a/changelogs/unreleased/security-api-auth-use-job-token-for-running-jobs.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Allow only running job tokens for API authentication
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml b/changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml
deleted file mode 100644
index c18e4e9674f..00000000000
--- a/changelogs/unreleased/security-deploy-token-can-read-disabled-repo.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent Deploy Tokens to read project resources when repository is disabled
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-conan-workhorse-params.yml b/changelogs/unreleased/security-fix-conan-workhorse-params.yml
deleted file mode 100644
index cc2ec3452f7..00000000000
--- a/changelogs/unreleased/security-fix-conan-workhorse-params.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Change conan api to use proper workhorse validation
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-graphql-type-check.yml b/changelogs/unreleased/security-graphql-type-check.yml
deleted file mode 100644
index 704cdebdb22..00000000000
--- a/changelogs/unreleased/security-graphql-type-check.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Ensure global ID is of Snippet type in GraphQL destroy mutation
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-improper-access-control-on-deploy-key.yml b/changelogs/unreleased/security-improper-access-control-on-deploy-key.yml
deleted file mode 100644
index d10b9214922..00000000000
--- a/changelogs/unreleased/security-improper-access-control-on-deploy-key.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Improper Access Control on Deploy-Key
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-pb-limit-profile-events.yml b/changelogs/unreleased/security-pb-limit-profile-events.yml
deleted file mode 100644
index f724bcf7e09..00000000000
--- a/changelogs/unreleased/security-pb-limit-profile-events.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Set maximum limit for profile events
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml b/changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml
deleted file mode 100644
index c6b8331d103..00000000000
--- a/changelogs/unreleased/security-prevent-aws-external-id-manipulation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Persist EKS External ID before presenting it to the user
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-projectmaintainer-edit-badges.yml b/changelogs/unreleased/security-projectmaintainer-edit-badges.yml
deleted file mode 100644
index 936931d7f6b..00000000000
--- a/changelogs/unreleased/security-projectmaintainer-edit-badges.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent project maintainers from editing group badges
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-upgrade-jquery-3-5.yml b/changelogs/unreleased/security-upgrade-jquery-3-5.yml
deleted file mode 100644
index d2a9a8fed6c..00000000000
--- a/changelogs/unreleased/security-upgrade-jquery-3-5.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade jquery to v3.5
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml b/changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml
deleted file mode 100644
index b2f1776f153..00000000000
--- a/changelogs/unreleased/security-websocket-extensions-update-0-1-5.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update websocket-extensions gem to 0.1.5
-merge_request:
-author: Vitor Meireles De Sousa
-type: security
diff --git a/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-19-3.yml b/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-19-3.yml
deleted file mode 100644
index 8aa5657006f..00000000000
--- a/changelogs/unreleased/update-gitlab-runner-helm-chart-to-0-19-3.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update GitLab Runner Helm Chart to 0.19.3
-merge_request:
-author:
-type: security