Add latest changes from gitlab-org/security/gitlab@13-4-stable-eev13.4.7

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-12-07 13:18:34 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-12-07 13:18:34 +0000
commit: 5cd677fa8419c817ef03956b269d9d4ff1d9ba28 (patch)
tree: 04f887cc426f488f60f783db8945c010eb3a7c6b /CHANGELOG.md
parent: adc00b83fec99cfdd2b532b7892e7a242a38bfa8 (diff)
download: gitlab-ce-5cd677fa8419c817ef03956b269d9d4ff1d9ba28.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f5f837d9c3..84f3126d785 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.4.7 (2020-12-07)
+
+### Security (10 changes)
+
+- Validate zoom links to start with https only. !1055
+- Require at least 3 characters when searching for project in the Explore page.
+- Do not show emails of users in confirmation page.
+- Forbid setting a gitlabUserList strategy to a list from another project.
+- Fix mermaid resource consumption in GFM fields.
+- Ensure group and project memberships are not leaked via API for users with private profiles.
+- GraphQL User: do not expose email if set to private.
+- Filter search parameter to prevent data leaks.
+- Do not expose starred projects of users with private profile via API.
+- Do not show starred & contributed projects of users with private profile.
+
+
 ## 13.4.6 (2020-11-03)
 
 ### Fixed (1 change)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-12-07 13:18:34 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-12-07 13:18:34 +0000
commit	5cd677fa8419c817ef03956b269d9d4ff1d9ba28 (patch)
tree	04f887cc426f488f60f783db8945c010eb3a7c6b /CHANGELOG.md
parent	adc00b83fec99cfdd2b532b7892e7a242a38bfa8 (diff)
download	gitlab-ce-5cd677fa8419c817ef03956b269d9d4ff1d9ba28.tar.gz