Add latest changes from gitlab-org/gitlab@13-2-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-05 18:10:10 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-08-05 18:10:10 +0000
commit: ea4766228b5536c83f1917d6058be913472ffa2d (patch)
tree: 5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /CHANGELOG.md
parent: 4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff)
download: gitlab-ce-ea4766228b5536c83f1917d6058be913472ffa2d.tar.gz
1 files changed, 15 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6055223dfde..37984938590 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,21 @@ entry.
 
 ## 13.2.3 (2020-08-05)
 
-- No changes.
+### Security (12 changes)
+
+- Update kramdown gem to version 2.3.0.
+- Enforce 2FA on Doorkeeper controllers.
+- Revoke OAuth grants when a user revokes an application.
+- Refresh project authorizations when transferring groups.
+- Stop excess logs from failure to send invite email when group no longer exists.
+- Verify confirmed email for OAuth Authorize POST endpoint.
+- Fix XSS in Markdown reference tooltips.
+- Fix XSS in milestone tooltips.
+- Fix xss vulnerability on jobs view.
+- Block 40-character hexadecimal branches.
+- Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled.
+- Update GitLab Runner Helm Chart to 0.18.2.
+
 
 ## 13.2.2 (2020-07-29)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-08-05 18:10:10 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-08-05 18:10:10 +0000
commit	ea4766228b5536c83f1917d6058be913472ffa2d (patch)
tree	5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /CHANGELOG.md
parent	4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff)
download	gitlab-ce-ea4766228b5536c83f1917d6058be913472ffa2d.tar.gz