Add latest changes from gitlab-org/gitlab@13-10-stable-eev13.10.0-rc40

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-16 18:18:33 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-16 18:18:33 +0000
commit: f64a639bcfa1fc2bc89ca7db268f594306edfd7c (patch)
tree: a2c3c2ebcc3b45e596949db485d6ed18ffaacfa1 /CHANGELOG.md
parent: bfbc3e0d6583ea1a91f627528bedc3d65ba4b10f (diff)
download: gitlab-ce-f64a639bcfa1fc2bc89ca7db268f594306edfd7c.tar.gz
1 files changed, 23 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ce665eb7fcc..742a3a2d972 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -610,6 +610,18 @@ entry.
 - Apply new GitLab UI for buttons in pipeline schedules.
 
 
+## 13.8.5 (2021-03-04)
+
+### Security (6 changes)
+
+- Fix XSS in wiki author email and name.
+- Bump thrift gem to 0.14.0.
+- Allow only owners to manage group variables.
+- Do not store marshalled sessions ids in Redis.
+- Workhorse: prevent escaped router path traversal.
+- Fix XSS vulnerability for swagger file viewer.
+
+
 ## 13.8.4 (2021-02-11)
 
 ### Security (9 changes)
@@ -1010,6 +1022,17 @@ entry.
 - Add verbiage + link sast to show it's in core. !51935
 
 
+## 13.7.8 (2021-03-04)
+
+### Security (5 changes)
+
+- Bump thrift gem to 0.14.0.
+- Allow only owners to manage group variables.
+- Do not store marshalled sessions ids in Redis.
+- Workhorse: prevent escaped router path traversal.
+- Fix XSS vulnerability for swagger file viewer.
+
+
 ## 13.7.7 (2021-02-11)
 
 ### Security (9 changes)
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-16 18:18:33 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-16 18:18:33 +0000
commit	f64a639bcfa1fc2bc89ca7db268f594306edfd7c (patch)
tree	a2c3c2ebcc3b45e596949db485d6ed18ffaacfa1 /CHANGELOG.md
parent	bfbc3e0d6583ea1a91f627528bedc3d65ba4b10f (diff)
download	gitlab-ce-f64a639bcfa1fc2bc89ca7db268f594306edfd7c.tar.gz