Add latest changes from gitlab-org/security/gitlab@13-10-stable-eev13.10.1

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-31 12:23:42 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-31 12:23:42 +0000
commit: c93927607f55350f2e2af4bdaf03ff9dba80ab1d (patch)
tree: be836d10a991163527d2e349ff1e770276ecbea2 /CHANGELOG.md
parent: 15f38fbeb1d235b5270d8771fdb8cf3283454091 (diff)
download: gitlab-ce-c93927607f55350f2e2af4bdaf03ff9dba80ab1d.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a86c95e163c..e6d382fef4b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,28 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.10.1 (2021-03-31)
+
+### Security (6 changes)
+
+- Leave pool repository on fork unlinking.
+- Fixed XSS in merge requests sidebar.
+- Fix arbitrary read/write in AsciiDoctor and Kroki gems.
+- Prevent infinite loop when checking if collaboration is allowed.
+- Disable arbitrary URI and file reads in JSON validator.
+- Require POST request to trigger system hooks.
+
+### Removed (1 change)
+
+- Make HipChat project service do nothing. !57434
+
+### Other (3 changes)
+
+- Remove direct mimemagic dependency. !57387
+- Refactor MimeMagic calls to new MimeType class. !57421
+- Switch to using a fake mimemagic gem. !57443
+
+
 ## 13.10.0 (2021-03-22)
 
 ### Security (3 changes)
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-31 12:23:42 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-31 12:23:42 +0000
commit	c93927607f55350f2e2af4bdaf03ff9dba80ab1d (patch)
tree	be836d10a991163527d2e349ff1e770276ecbea2 /CHANGELOG.md
parent	15f38fbeb1d235b5270d8771fdb8cf3283454091 (diff)
download	gitlab-ce-c93927607f55350f2e2af4bdaf03ff9dba80ab1d.tar.gz