summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-03-04 13:43:08 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-03-04 13:43:08 +0000
commit189a15a911843a9059d1f8bfd31008557bea520b (patch)
tree01b1c941fae4768b8803526e0799aa09a245f244 /CHANGELOG.md
parent38a81ea60a5d6a185d5b0466908d07e98c527494 (diff)
downloadgitlab-ce-189a15a911843a9059d1f8bfd31008557bea520b.tar.gz
Add latest changes from gitlab-org/security/gitlab@13-9-stable-eev13.9.2
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md12
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1bd602f975d..b5a038d9106 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,18 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.9.2 (2021-03-04)
+
+### Security (6 changes)
+
+- Bump thrift gem to 0.14.0.
+- Allow only owners to manage group variables.
+- Do not store marshalled sessions ids in Redis.
+- Fix XSS in wiki author email and name.
+- Workhorse: prevent escaped router path traversal.
+- Fix XSS vulnerability for swagger file viewer.
+
+
## 13.9.1 (2021-02-23)
### Fixed (6 changes, 1 of them is from the community)