diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-17 11:59:07 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-17 11:59:07 +0000 |
commit | 8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca (patch) | |
tree | 544930fb309b30317ae9797a9683768705d664c4 /CHANGELOG.md | |
parent | 4b1de649d0168371549608993deac953eb692019 (diff) | |
download | gitlab-ce-8b573c94895dc0ac0e1d9d59cf3e8745e8b539ca.tar.gz |
Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index b676ddad5fa..5383491ffe5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -560,6 +560,22 @@ entry. - Change wording on the project remove fork page. !47878 +## 13.5.5 (2020-12-07) + +### Security (10 changes) + +- Validate zoom links to start with https only. !1055 +- Require at least 3 characters when searching for project in the Explore page. +- Do not show emails of users in confirmation page. +- Forbid setting a gitlabUserList strategy to a list from another project. +- Fix mermaid resource consumption in GFM fields. +- Ensure group and project memberships are not leaked via API for users with private profiles. +- GraphQL User: do not expose email if set to private. +- Filter search parameter to prevent data leaks. +- Do not expose starred projects of users with private profile via API. +- Do not show starred & contributed projects of users with private profile. + + ## 13.5.4 (2020-11-13) ### Fixed (4 changes) @@ -1179,6 +1195,22 @@ entry. - Bump cluster applications CI template. !45472 +## 13.4.7 (2020-12-07) + +### Security (10 changes) + +- Validate zoom links to start with https only. !1055 +- Require at least 3 characters when searching for project in the Explore page. +- Do not show emails of users in confirmation page. +- Forbid setting a gitlabUserList strategy to a list from another project. +- Fix mermaid resource consumption in GFM fields. +- Ensure group and project memberships are not leaked via API for users with private profiles. +- GraphQL User: do not expose email if set to private. +- Filter search parameter to prevent data leaks. +- Do not expose starred projects of users with private profile via API. +- Do not show starred & contributed projects of users with private profile. + + ## 13.4.6 (2020-11-03) ### Fixed (1 change) |