diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-04 16:53:29 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-04 16:53:29 +0000 |
commit | da2732bd2c56b6f6a7d8cd4e068976e03bb0350e (patch) | |
tree | 73fcee908d8b75b20e1a4154663c900f99350150 /changelogs/unreleased | |
parent | ec4a1458f6333332cbc345f9de57bdf15d16667a (diff) | |
download | gitlab-ce-da2732bd2c56b6f6a7d8cd4e068976e03bb0350e.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-5-stable-ee
Diffstat (limited to 'changelogs/unreleased')
5 files changed, 25 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-296-private_profile_exposure.yml b/changelogs/unreleased/security-296-private_profile_exposure.yml new file mode 100644 index 00000000000..05d98788aed --- /dev/null +++ b/changelogs/unreleased/security-296-private_profile_exposure.yml @@ -0,0 +1,5 @@ +--- +title: Ensure group and project memberships are not leaked via API for users with private profiles +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-hide-email-in-confirmation-page.yml b/changelogs/unreleased/security-hide-email-in-confirmation-page.yml new file mode 100644 index 00000000000..b8f448acfcd --- /dev/null +++ b/changelogs/unreleased/security-hide-email-in-confirmation-page.yml @@ -0,0 +1,5 @@ +--- +title: Do not show emails of users in confirmation page +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-project-import-zoom-xss.yml b/changelogs/unreleased/security-project-import-zoom-xss.yml new file mode 100644 index 00000000000..4f4d7f14b6b --- /dev/null +++ b/changelogs/unreleased/security-project-import-zoom-xss.yml @@ -0,0 +1,5 @@ +--- +title: Validate zoom links to start with https only +merge_request: 1055 +author: +type: security diff --git a/changelogs/unreleased/security-starred-projects-api-fix.yml b/changelogs/unreleased/security-starred-projects-api-fix.yml new file mode 100644 index 00000000000..efb12998393 --- /dev/null +++ b/changelogs/unreleased/security-starred-projects-api-fix.yml @@ -0,0 +1,5 @@ +--- +title: Do not expose starred projects of users with private profile via API +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-starred-projects-private-profile.yml b/changelogs/unreleased/security-starred-projects-private-profile.yml new file mode 100644 index 00000000000..1fb47dce518 --- /dev/null +++ b/changelogs/unreleased/security-starred-projects-private-profile.yml @@ -0,0 +1,5 @@ +--- +title: Do not show starred & contributed projects of users with private profile +merge_request: +author: +type: security |