author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2021-03-04 19:10:30 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2021-03-04 19:10:30 +0000 |
commit | 9a70fcd2e277721bbe7b9a0c92ed925ddea201b6 (patch) | |
tree | 01b1c941fae4768b8803526e0799aa09a245f244 /CHANGELOG.md | |
parent | 03979b4aaf060cae40934b2aade0bbe8a210e311 (diff) | |
parent | 189a15a911843a9059d1f8bfd31008557bea520b (diff) | |
download | gitlab-ce-9a70fcd2e277721bbe7b9a0c92ed925ddea201b6.tar.gz |
Merge remote-tracking branch 'dev/13-9-stable' into 13-9-stable
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1bd602f975d..b5a038d9106 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.9.2 (2021-03-04) + +### Security (6 changes) + +- Bump thrift gem to 0.14.0. +- Allow only owners to manage group variables. +- Do not store marshalled sessions ids in Redis. +- Fix XSS in wiki author email and name. +- Workhorse: prevent escaped router path traversal. +- Fix XSS vulnerability for swagger file viewer. + + ## 13.9.1 (2021-02-23) ### Fixed (6 changes, 1 of them is from the community) |
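Review bot: The six entries under "### Security (6 changes)" in the added 13.9.2 section carry no merge request, issue or advisory reference, so a reader cannot trace an item such as "Workhorse: prevent escaped router path traversal." back to its fix or decide which deployments it matters for. Consider appending a reference to each entry once the fixes are public. "Bump thrift gem to 0.14.0." is listed as a security change without saying what the upgrade addresses; a short reason would help operators prioritise the update. The entry "Do not store marshalled sessions ids in Redis." has a wording slip and should read "session IDs".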