summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-12-07 09:37:32 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-12-07 09:37:32 +0000
commitf508fb8a043a4b1f996cb7ec8bba198e5b5986f5 (patch)
tree11bb99aa913b3a18342818e15a71856e214caee6 /CHANGELOG.md
parent449338db4a18f4bbf0980e0c6c16101758a70afb (diff)
downloadgitlab-ce-f508fb8a043a4b1f996cb7ec8bba198e5b5986f5.tar.gz
Add latest changes from gitlab-org/security/gitlab@13-6-stable-eev13.6.2
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md16
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6b0c4b07275..d2ecaa19b49 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.6.2 (2020-12-07)
+
+### Security (10 changes)
+
+- Validate zoom links to start with https only. !1055
+- Require at least 3 characters when searching for project in the Explore page.
+- Do not show emails of users in confirmation page.
+- Forbid setting a gitlabUserList strategy to a list from another project.
+- Fix mermaid resource consumption in GFM fields.
+- Ensure group and project memberships are not leaked via API for users with private profiles.
+- GraphQL User: do not expose email if set to private.
+- Filter search parameter to prevent data leaks.
+- Do not expose starred projects of users with private profile via API.
+- Do not show starred & contributed projects of users with private profile.
+
+
## 13.6.1 (2020-11-23)
### Fixed (5 changes)