summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGELOG.md11
-rw-r--r--GITALY_SERVER_VERSION2
-rw-r--r--changelogs/unreleased/327155-prevent-mutation-execution-with-read-api-tokens.yml5
-rw-r--r--changelogs/unreleased/security-10io-dependency-proxy-and-deploy-tokens.yml5
-rw-r--r--changelogs/unreleased/security-322500-disable-gitaly-branch-pagination-ff-by-default.yml5
-rw-r--r--changelogs/unreleased/security-bump-carrierwave-to-1-3-2.yml5
-rw-r--r--changelogs/unreleased/security-disallow-changing-timestamps-on-issue-create-update.yml5
7 files changed, 12 insertions, 26 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 096a598100e..a48f0afd15b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.11.2 (2021-04-27)
+
+### Security (5 changes)
+
+- Prevent tokens with only read_api scope from executing mutations.
+- Do not allow deploy tokens in the dependency proxy authentication service.
+- Disable keyset pagination for branches by default.
+- Bump Carrierwave gem to v1.3.2.
+- Restrict setting system_note_timestamp to owners.
+
+
## 13.11.1 (2021-04-22)
### Changed (1 change)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 9c43b91bbd2..07ae670e11e 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-13.11.1 \ No newline at end of file
+13.11.2 \ No newline at end of file
diff --git a/changelogs/unreleased/327155-prevent-mutation-execution-with-read-api-tokens.yml b/changelogs/unreleased/327155-prevent-mutation-execution-with-read-api-tokens.yml
deleted file mode 100644
index 1758390a5cb..00000000000
--- a/changelogs/unreleased/327155-prevent-mutation-execution-with-read-api-tokens.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent tokens with only read_api scope from executing mutations
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-10io-dependency-proxy-and-deploy-tokens.yml b/changelogs/unreleased/security-10io-dependency-proxy-and-deploy-tokens.yml
deleted file mode 100644
index 26137a42420..00000000000
--- a/changelogs/unreleased/security-10io-dependency-proxy-and-deploy-tokens.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not allow deploy tokens in the dependency proxy authentication service
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-322500-disable-gitaly-branch-pagination-ff-by-default.yml b/changelogs/unreleased/security-322500-disable-gitaly-branch-pagination-ff-by-default.yml
deleted file mode 100644
index 869cd7ab57c..00000000000
--- a/changelogs/unreleased/security-322500-disable-gitaly-branch-pagination-ff-by-default.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disable keyset pagination for branches by default
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-bump-carrierwave-to-1-3-2.yml b/changelogs/unreleased/security-bump-carrierwave-to-1-3-2.yml
deleted file mode 100644
index 4e31f9d855d..00000000000
--- a/changelogs/unreleased/security-bump-carrierwave-to-1-3-2.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Bump Carrierwave gem to v1.3.2
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-disallow-changing-timestamps-on-issue-create-update.yml b/changelogs/unreleased/security-disallow-changing-timestamps-on-issue-create-update.yml
deleted file mode 100644
index 7acd005abaa..00000000000
--- a/changelogs/unreleased/security-disallow-changing-timestamps-on-issue-create-update.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Restrict setting system_note_timestamp to owners
-merge_request:
-author:
-type: security
View Lorry Controller Status