diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-30 22:02:13 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-30 22:02:13 +0000 |
commit | 516fba52cf280b9d5bad08dce9f0150f859b6cea (patch) | |
tree | 4dad71be856651af62c9a281b01087ae15480810 /changelogs | |
parent | c90be62bdefdb6bb67c73a9c4a6d164c9f78a28d (diff) | |
download | gitlab-ce-516fba52cf280b9d5bad08dce9f0150f859b6cea.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-4-stable-ee
Diffstat (limited to 'changelogs')
7 files changed, 36 insertions, 0 deletions
diff --git a/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml b/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml new file mode 100644 index 00000000000..0c274f33f36 --- /dev/null +++ b/changelogs/unreleased/17817-hashed_session_ids_in_redis.yml @@ -0,0 +1,5 @@ +--- +title: Do not store session id in Redis +merge_request: +author: +type: security diff --git a/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml b/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml new file mode 100644 index 00000000000..1f883523353 --- /dev/null +++ b/changelogs/unreleased/195327-update-confidentiality-and-milestone.yml @@ -0,0 +1,6 @@ +--- +title: Fix permission checks when updating confidentiality and milestone on issues + or merge requests +merge_request: +author: +type: security diff --git a/changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml b/changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml new file mode 100644 index 00000000000..988ebe9f0c8 --- /dev/null +++ b/changelogs/unreleased/222349-purge_unaccepted_member_invitations.yml @@ -0,0 +1,5 @@ +--- +title: Purge unaccepted member invitations older than 90 days +merge_request: +author: +type: security diff --git a/changelogs/unreleased/feature-flag-plan-limits.yml b/changelogs/unreleased/feature-flag-plan-limits.yml new file mode 100644 index 00000000000..cac5e0847e4 --- /dev/null +++ b/changelogs/unreleased/feature-flag-plan-limits.yml @@ -0,0 +1,5 @@ +--- +title: Adds feature flags plan limits +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml b/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml new file mode 100644 index 00000000000..bf86f177cd3 --- /dev/null +++ b/changelogs/unreleased/security-fix_session_bypassing_for_admin_mode_in_api.yml @@ -0,0 +1,5 @@ +--- +title: Do not bypass admin mode when authenticated with deploy token +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml b/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml new file mode 100644 index 00000000000..e48c3ff963c --- /dev/null +++ b/changelogs/unreleased/security-fixes-release-asset-link-filepath-ReDoS.yml @@ -0,0 +1,5 @@ +--- +title: Fixes release asset link filepath ReDoS +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml b/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml new file mode 100644 index 00000000000..42418f24345 --- /dev/null +++ b/changelogs/unreleased/security-members-expiry-date-should-be-in-future.yml @@ -0,0 +1,5 @@ +--- +title: Validate that membership expiry dates are not in the past +merge_request: +author: +type: security |