Add latest changes from gitlab-org/security/gitlab@13-7-stable-eev13.7.8

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-04 14:14:20 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-04 14:14:20 +0000
commit: 7dfe769bfc88aba93ae3029f6d388f1068a41dbd (patch)
tree: da555d6f15388406669c2a49ee19cfae4ff12e47 /CHANGELOG.md
parent: 86d7929e05f92f75aed484de94ff74c0f1af7e67 (diff)
download: gitlab-ce-13.7.8.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9b5728c53a8..5de844c88a6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.7.8 (2021-03-04)
+
+### Security (5 changes)
+
+- Bump thrift gem to 0.14.0.
+- Allow only owners to manage group variables.
+- Do not store marshalled sessions ids in Redis.
+- Workhorse: prevent escaped router path traversal.
+- Fix XSS vulnerability for swagger file viewer.
+
+
 ## 13.7.7 (2021-02-11)
 
 ### Security (9 changes)
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-04 14:14:20 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-04 14:14:20 +0000
commit	7dfe769bfc88aba93ae3029f6d388f1068a41dbd (patch)
tree	da555d6f15388406669c2a49ee19cfae4ff12e47 /CHANGELOG.md
parent	86d7929e05f92f75aed484de94ff74c0f1af7e67 (diff)
download	gitlab-ce-13.7.8.tar.gz