summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-03-31 12:23:42 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-03-31 12:23:42 +0000
commitc93927607f55350f2e2af4bdaf03ff9dba80ab1d (patch)
treebe836d10a991163527d2e349ff1e770276ecbea2 /CHANGELOG.md
parent15f38fbeb1d235b5270d8771fdb8cf3283454091 (diff)
downloadgitlab-ce-c93927607f55350f2e2af4bdaf03ff9dba80ab1d.tar.gz
Add latest changes from gitlab-org/security/gitlab@13-10-stable-eev13.10.1
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md22
1 files changed, 22 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a86c95e163c..e6d382fef4b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,28 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.10.1 (2021-03-31)
+
+### Security (6 changes)
+
+- Leave pool repository on fork unlinking.
+- Fixed XSS in merge requests sidebar.
+- Fix arbitrary read/write in AsciiDoctor and Kroki gems.
+- Prevent infinite loop when checking if collaboration is allowed.
+- Disable arbitrary URI and file reads in JSON validator.
+- Require POST request to trigger system hooks.
+
+### Removed (1 change)
+
+- Make HipChat project service do nothing. !57434
+
+### Other (3 changes)
+
+- Remove direct mimemagic dependency. !57387
+- Refactor MimeMagic calls to new MimeType class. !57421
+- Switch to using a fake mimemagic gem. !57443
+
+
## 13.10.0 (2021-03-22)
### Security (3 changes)