Add latest changes from gitlab-org/security/gitlab@13-10-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-30 22:40:10 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-30 22:40:10 +0000
commit: b8cacd68a6297f2c6cdd454a3d82a487367f2e70 (patch)
tree: 093014d689cb2c662f8f3f112791d952263a3b1a /changelogs/unreleased
parent: b2ce3643e27db4cc0ad30cc09d651c00ec799887 (diff)
download: gitlab-ce-b8cacd68a6297f2c6cdd454a3d82a487367f2e70.tar.gz
2 files changed, 10 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml b/changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml
new file mode 100644
index 00000000000..acefc5e6fac
--- /dev/null
+++ b/changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml
@@ -0,0 +1,5 @@
+---
+title: Fix arbitrary read/write in AsciiDoctor and Kroki gems
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-projects-branch-collaboration-loop.yml b/changelogs/unreleased/security-projects-branch-collaboration-loop.yml
new file mode 100644
index 00000000000..607bd37d2f6
--- /dev/null
+++ b/changelogs/unreleased/security-projects-branch-collaboration-loop.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent infinite loop when checking if collaboration is allowed
+merge_request:
+author:
+type: security
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-30 22:40:10 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-30 22:40:10 +0000
commit	b8cacd68a6297f2c6cdd454a3d82a487367f2e70 (patch)
tree	093014d689cb2c662f8f3f112791d952263a3b1a /changelogs/unreleased
parent	b2ce3643e27db4cc0ad30cc09d651c00ec799887 (diff)
download	gitlab-ce-b8cacd68a6297f2c6cdd454a3d82a487367f2e70.tar.gz