Add latest changes from gitlab-org/security/gitlab@13-6-stable-eev13.6.2

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-12-07 09:37:32 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-12-07 09:37:32 +0000
commit: f508fb8a043a4b1f996cb7ec8bba198e5b5986f5 (patch)
tree: 11bb99aa913b3a18342818e15a71856e214caee6 /CHANGELOG.md
parent: 449338db4a18f4bbf0980e0c6c16101758a70afb (diff)
download: gitlab-ce-f508fb8a043a4b1f996cb7ec8bba198e5b5986f5.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6b0c4b07275..d2ecaa19b49 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,22 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.6.2 (2020-12-07)
+
+### Security (10 changes)
+
+- Validate zoom links to start with https only. !1055
+- Require at least 3 characters when searching for project in the Explore page.
+- Do not show emails of users in confirmation page.
+- Forbid setting a gitlabUserList strategy to a list from another project.
+- Fix mermaid resource consumption in GFM fields.
+- Ensure group and project memberships are not leaked via API for users with private profiles.
+- GraphQL User: do not expose email if set to private.
+- Filter search parameter to prevent data leaks.
+- Do not expose starred projects of users with private profile via API.
+- Do not show starred & contributed projects of users with private profile.
+
+
 ## 13.6.1 (2020-11-23)
 
 ### Fixed (5 changes)
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-12-07 09:37:32 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-12-07 09:37:32 +0000
commit	f508fb8a043a4b1f996cb7ec8bba198e5b5986f5 (patch)
tree	11bb99aa913b3a18342818e15a71856e214caee6 /CHANGELOG.md
parent	449338db4a18f4bbf0980e0c6c16101758a70afb (diff)
download	gitlab-ce-f508fb8a043a4b1f996cb7ec8bba198e5b5986f5.tar.gz