diff options
9 files changed, 14 insertions, 36 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index e520b162a2f..ddb9a4fb0c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,19 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.6.7 (2021-02-11) + +### Security (7 changes) + +- Cancel running and pending jobs when a project is deleted. !1220 +- Updates authorization for linting API. +- Prevent exposure of confidential issue titles in file browser. +- Check user access on API merge request read actions. +- Prevent Denial of Service Attack on gitlab-shell. +- Limit daily invitations to groups and projects. +- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP. + + ## 13.6.6 (2021-02-01) ### Security (5 changes) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 4c391123315..51067b9c1d6 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -13.6.6
\ No newline at end of file +13.6.7
\ No newline at end of file diff --git a/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml b/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml deleted file mode 100644 index de92707cb8f..00000000000 --- a/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Cancel running and pending jobs when a project is deleted -merge_request: 1220 -author: -type: security diff --git a/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml b/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml deleted file mode 100644 index c1174904018..00000000000 --- a/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Check user access on API merge request read actions -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-confidential-titles.yml b/changelogs/unreleased/security-confidential-titles.yml deleted file mode 100644 index 506cbc095c4..00000000000 --- a/changelogs/unreleased/security-confidential-titles.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent exposure of confidential issue titles in file browser -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-fix-unauthenticated-lint.yml b/changelogs/unreleased/security-fix-unauthenticated-lint.yml deleted file mode 100644 index 94521ba7ec9..00000000000 --- a/changelogs/unreleased/security-fix-unauthenticated-lint.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Updates authorization for linting API -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-limit-fscanl.yml b/changelogs/unreleased/security-limit-fscanl.yml deleted file mode 100644 index 92a2000c1b6..00000000000 --- a/changelogs/unreleased/security-limit-fscanl.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent Denial of Service Attack on gitlab-shell -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-limit-invitations.yml b/changelogs/unreleased/security-limit-invitations.yml deleted file mode 100644 index 353d1cec727..00000000000 --- a/changelogs/unreleased/security-limit-invitations.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Limit daily invitations to groups and projects -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-ssrf-prometheus-iap.yml b/changelogs/unreleased/security-ssrf-prometheus-iap.yml deleted file mode 100644 index 5aff3f35201..00000000000 --- a/changelogs/unreleased/security-ssrf-prometheus-iap.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Prevent Server-side Request Forgery for Prometheus when secured by Google IAP -merge_request: -author: -type: security |