authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-10-01 12:46:44 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2020-10-01 12:46:44 +0000
commit5150dc27ee891d338f7b60fe15f8e6202a01958b (patch)
tree4f88455d0ac5ba48372a90ffa786d76693d4e586
parent54f5f2d902d087c2e0545694e3ec9da7a4b24ad2 (diff)
downloadgitlab-ce-5150dc27ee891d338f7b60fe15f8e6202a01958b.tar.gz
Update CHANGELOG.md for 13.4.2
[ci skip]
-rw-r--r--CHANGELOG.md20
-rw-r--r--changelogs/unreleased/17817-hashed_session_ids_in_redis.yml5
-rw-r--r--changelogs/unreleased/195327-update-confidentiality-and-milestone.yml6
-rw-r--r--changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml5
-rw-r--r--changelogs/unreleased/feature-flag-plan-limits.yml5
-rw-r--r--changelogs/unreleased/security-44-stored-xss-via-svg-file-preview.yml5
-rw-r--r--changelogs/unreleased/security-ensure-prerequisites-are-met-before-account-deletion.yml5
-rw-r--r--changelogs/unreleased/security-fix-safe-params-helper.yml4
-rw-r--r--changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml5
-rw-r--r--changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml5
-rw-r--r--changelogs/unreleased/security-insufficient-type-check.yml5
-rw-r--r--changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml5
-rw-r--r--changelogs/unreleased/security-rate-limit-email-confirmation.yml5
-rw-r--r--changelogs/unreleased/security-todos-redact-guests.yml5
-rw-r--r--changelogs/unreleased/security-update-runner-version-13-4-stable.yml5
15 files changed, 20 insertions, 70 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a3d165653c2..95191fd373d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,26 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.4.2 (2020-10-01)
+
+### Security (14 changes)
+
+- Do not store session id in Redis.
+- Fix permission checks when updating confidentiality and milestone on issues or merge requests.
+- Purge unaccepted member invitations older than 90 days.
+- Adds feature flags plan limits.
+- Prevent SVG XSS via Web IDE.
+- Ensure user has no solo owned groups before triggering account deletion.
+- Security fix safe params helper.
+- Do not bypass admin mode when authenticated with deploy token.
+- Fixes release asset link filepath ReDoS.
+- Ensure global ID is of Annotation type in GraphQL destroy mutation.
+- Validate that membership expiry dates are not in the past.
+- Rate limit adding new email and re-sending email confirmation.
+- Fix redaction of confidential Todos.
+- Update GitLab Runner Helm Chart to 0.20.2.
+
+
## 13.4.1 (2020-09-24)
### Fixed (2 changes)
diff --git a/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml b/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml
deleted file mode 100644
index 0c274f33f36..00000000000
--- a/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not store session id in Redis
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml b/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml
deleted file mode 100644
index 1f883523353..00000000000
--- a/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Fix permission checks when updating confidentiality and milestone on issues
- or merge requests
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml b/changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml
deleted file mode 100644
index 988ebe9f0c8..00000000000
--- a/changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Purge unaccepted member invitations older than 90 days
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/feature-flag-plan-limits.yml b/changelogs/unreleased/feature-flag-plan-limits.yml
deleted file mode 100644
index cac5e0847e4..00000000000
--- a/changelogs/unreleased/feature-flag-plan-limits.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Adds feature flags plan limits
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-44-stored-xss-via-svg-file-preview.yml b/changelogs/unreleased/security-44-stored-xss-via-svg-file-preview.yml
deleted file mode 100644
index 89a1eedb753..00000000000
--- a/changelogs/unreleased/security-44-stored-xss-via-svg-file-preview.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent SVG XSS via Web IDE
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-ensure-prerequisites-are-met-before-account-deletion.yml b/changelogs/unreleased/security-ensure-prerequisites-are-met-before-account-deletion.yml
deleted file mode 100644
index 4b8f1c64ec7..00000000000
--- a/changelogs/unreleased/security-ensure-prerequisites-are-met-before-account-deletion.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Ensure user has no solo owned groups before triggering account deletion
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-safe-params-helper.yml b/changelogs/unreleased/security-fix-safe-params-helper.yml
deleted file mode 100644
index ac7d2b60ff2..00000000000
--- a/changelogs/unreleased/security-fix-safe-params-helper.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-title: Security fix safe params helper
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml b/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml
deleted file mode 100644
index bf86f177cd3..00000000000
--- a/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not bypass admin mode when authenticated with deploy token
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml b/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml
deleted file mode 100644
index e48c3ff963c..00000000000
--- a/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixes release asset link filepath ReDoS
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-insufficient-type-check.yml b/changelogs/unreleased/security-insufficient-type-check.yml
deleted file mode 100644
index b5ce90e7dd4..00000000000
--- a/changelogs/unreleased/security-insufficient-type-check.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Ensure global ID is of Annotation type in GraphQL destroy mutation
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml b/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml
deleted file mode 100644
index 42418f24345..00000000000
--- a/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Validate that membership expiry dates are not in the past
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-rate-limit-email-confirmation.yml b/changelogs/unreleased/security-rate-limit-email-confirmation.yml
deleted file mode 100644
index 4fa34a3739d..00000000000
--- a/changelogs/unreleased/security-rate-limit-email-confirmation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Rate limit adding new email and re-sending email confirmation
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-todos-redact-guests.yml b/changelogs/unreleased/security-todos-redact-guests.yml
deleted file mode 100644
index a2e97b847d3..00000000000
--- a/changelogs/unreleased/security-todos-redact-guests.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix redaction of confidential Todos
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-update-runner-version-13-4-stable.yml b/changelogs/unreleased/security-update-runner-version-13-4-stable.yml
deleted file mode 100644
index ddf3eb7e267..00000000000
--- a/changelogs/unreleased/security-update-runner-version-13-4-stable.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update GitLab Runner Helm Chart to 0.20.2
-merge_request:
-author:
-type: security