author | Yorick Peterse <yorick@yorickpeterse.com> | 2020-07-01 15:24:23 +0200 |
---|---|---|
committer | Yorick Peterse <yorick@yorickpeterse.com> | 2020-07-01 15:24:23 +0200 |
commit | dd648433bc988a362907d26d219e5583dfd87ae8 (patch) | |
tree | 47eeedf66fcc3aa51e0f694d41563ec7d1d70e38 /CHANGELOG.md | |
parent | f2e450724cfda7c9b5051d152f22b9de8d0642e8 (diff) | |
download | gitlab-ce-dd648433bc988a362907d26d219e5583dfd87ae8.tar.gz |
Added missing changelog for 12.10.13
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 53a8c46ac85..d89fe60985a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -670,6 +670,27 @@ entry. - Use visitUrl in Alert management. !32414 +## 12.10.13 (2020-07-01) + +### Security (15 changes) + +- Do not show activity for users with private profiles. +- Fix stored XSS in markdown renderer. +- Upgrade swagger-ui to solve XSS issues. +- Fix group deploy token API authorizations. +- Check access when sending TODOs related to merge requests. +- Change from hybrid to JSON cookies serializer. +- Prevent XSS in group name validations. +- Disable caching for wiki attachments. +- Fix null byte error in upload path. +- Update permissions for time tracking endpoints. +- Update Kaminari gem. +- Fix note author name rendering. +- Sanitize bitbucket repo urls to mitigate XSS. +- Stored XSS on the Error Tracking page. +- Fix security issue when rendering issuable. + + ## 12.10.12 (2020-06-24) ### Fixed (1 change) |
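Review bot: The entry "Stored XSS on the Error Tracking page." in the new 12.10.13 Security list names the vulnerability rather than the change, unlike its neighbours ("Fix stored XSS in markdown renderer.", "Prevent XSS in group name validations."); rewording it to "Fix stored XSS on the Error Tracking page." would keep the list consistent and make clear the issue is resolved in this release. Two smaller points in the same list: "Fix security issue when rendering issuable." does not tell an administrator which class of issue was fixed, so a short qualifier would help with triage, and "Upgrade swagger-ui to solve XSS issues." and "Update Kaminari gem." omit the target versions, which readers auditing their dependency tree would want. None of the 15 entries carries a merge request reference, while the context line above ("Use visitUrl in Alert management. !32414") does; if that omission is deliberate for security fixes, no change is needed.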