Add latest changes from gitlab-org/security/gitlab@13-7-stable-eev13.7.2

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-01-07 07:40:49 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-01-07 07:40:49 +0000
commit: 15e305ed34e03560429db4dafcb835bd027a348f (patch)
tree: 2dc8f963aa9b3de573af212c67ecfa74443464a7 /CHANGELOG.md
parent: d4d523a5ab35764d68652e0ef8f1bdd7de0c009f (diff)
download: gitlab-ce-15e305ed34e03560429db4dafcb835bd027a348f.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fe4775033e1..e45d9933ab4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,19 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.7.2 (2021-01-07)
+
+### Security (7 changes)
+
+- Forbid public cache for private repos.
+- Deny implicit flow for confidential apps.
+- Update NuGet regular expression to protect against ReDoS.
+- Fix regular expression backtracking issue in package name validation.
+- Fix stealing API token from GitLab Pages and DoS Prometheus through GitLab Pages.
+- Update trusted OAuth applications to set them as confidential.
+- Upgrade Workhorse to 8.58.2.
+
+
 ## 13.7.1 (2020-12-23)
 
 ### Fixed (1 change)
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-01-07 07:40:49 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-01-07 07:40:49 +0000
commit	15e305ed34e03560429db4dafcb835bd027a348f (patch)
tree	2dc8f963aa9b3de573af212c67ecfa74443464a7 /CHANGELOG.md
parent	d4d523a5ab35764d68652e0ef8f1bdd7de0c009f (diff)
download	gitlab-ce-15e305ed34e03560429db4dafcb835bd027a348f.tar.gz