authorGitLab Bot <gitlab-bot@gitlab.com>2020-12-04 16:53:29 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-12-04 16:53:29 +0000
commitda2732bd2c56b6f6a7d8cd4e068976e03bb0350e (patch)
tree73fcee908d8b75b20e1a4154663c900f99350150 /changelogs/unreleased
parentec4a1458f6333332cbc345f9de57bdf15d16667a (diff)
Add latest changes from gitlab-org/security/gitlab@13-5-stable-ee
Diffstat (limited to 'changelogs/unreleased')
-rw-r--r--changelogs/unreleased/security-296-private_profile_exposure.yml5
-rw-r--r--changelogs/unreleased/security-hide-email-in-confirmation-page.yml5
-rw-r--r--changelogs/unreleased/security-project-import-zoom-xss.yml5
-rw-r--r--changelogs/unreleased/security-starred-projects-api-fix.yml5
-rw-r--r--changelogs/unreleased/security-starred-projects-private-profile.yml5
5 files changed, 25 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-296-private_profile_exposure.yml b/changelogs/unreleased/security-296-private_profile_exposure.yml
new file mode 100644
index 00000000000..05d98788aed
--- /dev/null
+++ b/changelogs/unreleased/security-296-private_profile_exposure.yml
@@ -0,0 +1,5 @@
+---
+title: Ensure group and project memberships are not leaked via API for users with private profiles
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-hide-email-in-confirmation-page.yml b/changelogs/unreleased/security-hide-email-in-confirmation-page.yml
new file mode 100644
index 00000000000..b8f448acfcd
--- /dev/null
+++ b/changelogs/unreleased/security-hide-email-in-confirmation-page.yml
@@ -0,0 +1,5 @@
+---
+title: Do not show emails of users in confirmation page
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-project-import-zoom-xss.yml b/changelogs/unreleased/security-project-import-zoom-xss.yml
new file mode 100644
index 00000000000..4f4d7f14b6b
--- /dev/null
+++ b/changelogs/unreleased/security-project-import-zoom-xss.yml
@@ -0,0 +1,5 @@
+---
+title: Validate zoom links to start with https only
+merge_request: 1055
+author:
+type: security
diff --git a/changelogs/unreleased/security-starred-projects-api-fix.yml b/changelogs/unreleased/security-starred-projects-api-fix.yml
new file mode 100644
index 00000000000..efb12998393
--- /dev/null
+++ b/changelogs/unreleased/security-starred-projects-api-fix.yml
@@ -0,0 +1,5 @@
+---
+title: Do not expose starred projects of users with private profile via API
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-starred-projects-private-profile.yml b/changelogs/unreleased/security-starred-projects-private-profile.yml
new file mode 100644
index 00000000000..1fb47dce518
--- /dev/null
+++ b/changelogs/unreleased/security-starred-projects-private-profile.yml
@@ -0,0 +1,5 @@
+---
+title: Do not show starred & contributed projects of users with private profile
+merge_request:
+author:
+type: security