Add latest changes from gitlab-org/security/gitlab@13-8-stable-eev13.8.5

8 files changed, 13 insertions, 31 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 46776b926c1..866522303f7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,18 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.8.5 (2021-03-04)
+
+### Security (6 changes)
+
+- Fix XSS in wiki author email and name.
+- Bump thrift gem to 0.14.0.
+- Allow only owners to manage group variables.
+- Do not store marshalled sessions ids in Redis.
+- Workhorse: prevent escaped router path traversal.
+- Fix XSS vulnerability for swagger file viewer.
+
+
 ## 13.8.4 (2021-02-11)
 
 ### Security (9 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 355a70a7731..16b3c156a4e 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-13.8.4
\ No newline at end of file
+13.8.5
\ No newline at end of file
diff --git a/changelogs/unreleased/security-13-8-fj-fix-xss-wiki-email.yml b/changelogs/unreleased/security-13-8-fj-fix-xss-wiki-email.yml
deleted file mode 100644
index 9faabdc9750..00000000000
--- a/changelogs/unreleased/security-13-8-fj-fix-xss-wiki-email.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix XSS in wiki author email and name
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-bvl-update-thrift-gem.yml b/changelogs/unreleased/security-bvl-update-thrift-gem.yml
deleted file mode 100644
index afe1a0332e3..00000000000
--- a/changelogs/unreleased/security-bvl-update-thrift-gem.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Bump thrift gem to 0.14.0
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-ci-api-variables-permissions.yml b/changelogs/unreleased/security-ci-api-variables-permissions.yml
deleted file mode 100644
index 05642a0ff57..00000000000
--- a/changelogs/unreleased/security-ci-api-variables-permissions.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Allow only owners to manage group variables
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-clean-up-active-sessions.yml b/changelogs/unreleased/security-clean-up-active-sessions.yml
deleted file mode 100644
index 49d24584ddb..00000000000
--- a/changelogs/unreleased/security-clean-up-active-sessions.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not store marshalled sessions ids in Redis
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-jv-workhorse-router-13-8.yml b/changelogs/unreleased/security-jv-workhorse-router-13-8.yml
deleted file mode 100644
index af17a71086d..00000000000
--- a/changelogs/unreleased/security-jv-workhorse-router-13-8.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'Workhorse: prevent escaped router path traversal'
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-upgrade-swagger-ui.yml b/changelogs/unreleased/security-upgrade-swagger-ui.yml
deleted file mode 100644
index 280dd92e23e..00000000000
--- a/changelogs/unreleased/security-upgrade-swagger-ui.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix XSS vulnerability for swagger file viewer
-merge_request:
-author:
-type: security