summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG.md15
-rw-r--r--GITALY_SERVER_VERSION2
-rw-r--r--changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml5
-rw-r--r--changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml5
-rw-r--r--changelogs/unreleased/security-confidential-titles.yml5
-rw-r--r--changelogs/unreleased/security-fix-unauthenticated-lint.yml5
-rw-r--r--changelogs/unreleased/security-limit-fscanl.yml5
-rw-r--r--changelogs/unreleased/security-limit-invitations.yml5
-rw-r--r--changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml5
-rw-r--r--changelogs/unreleased/security-ssl-verification-ftc.yml5
-rw-r--r--changelogs/unreleased/security-ssrf-prometheus-iap.yml5
11 files changed, 16 insertions, 46 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf92f4b7651..46776b926c1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.8.4 (2021-02-11)
+
+### Security (9 changes)
+
+- Cancel running and pending jobs when a project is deleted. !1220
+- Prevent Denial of Service Attack on gitlab-shell.
+- Prevent exposure of confidential issue titles in file browser.
+- Updates authorization for linting API.
+- Check user access on API merge request read actions.
+- Limit daily invitations to groups and projects.
+- Enforce the analytics enabled project setting for project-level analytics features.
+- Perform SSL verification for FortiTokenCloud Integration.
+- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP.
+
+
## 13.8.3 (2021-02-05)
### Fixed (2 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 32d894f3e94..355a70a7731 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-13.8.3 \ No newline at end of file
+13.8.4 \ No newline at end of file
diff --git a/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml b/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml
deleted file mode 100644
index de92707cb8f..00000000000
--- a/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Cancel running and pending jobs when a project is deleted
-merge_request: 1220
-author:
-type: security
diff --git a/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml b/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml
deleted file mode 100644
index c1174904018..00000000000
--- a/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check user access on API merge request read actions
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-confidential-titles.yml b/changelogs/unreleased/security-confidential-titles.yml
deleted file mode 100644
index 506cbc095c4..00000000000
--- a/changelogs/unreleased/security-confidential-titles.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent exposure of confidential issue titles in file browser
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-unauthenticated-lint.yml b/changelogs/unreleased/security-fix-unauthenticated-lint.yml
deleted file mode 100644
index 94521ba7ec9..00000000000
--- a/changelogs/unreleased/security-fix-unauthenticated-lint.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Updates authorization for linting API
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-limit-fscanl.yml b/changelogs/unreleased/security-limit-fscanl.yml
deleted file mode 100644
index 92a2000c1b6..00000000000
--- a/changelogs/unreleased/security-limit-fscanl.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent Denial of Service Attack on gitlab-shell
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-limit-invitations.yml b/changelogs/unreleased/security-limit-invitations.yml
deleted file mode 100644
index 353d1cec727..00000000000
--- a/changelogs/unreleased/security-limit-invitations.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Limit daily invitations to groups and projects
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml b/changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml
deleted file mode 100644
index 46373d314fd..00000000000
--- a/changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Enforce the analytics enabled project setting for project-level analytics features
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-ssl-verification-ftc.yml b/changelogs/unreleased/security-ssl-verification-ftc.yml
deleted file mode 100644
index b87d40124d0..00000000000
--- a/changelogs/unreleased/security-ssl-verification-ftc.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Perform SSL verification for FortiTokenCloud Integration
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-ssrf-prometheus-iap.yml b/changelogs/unreleased/security-ssrf-prometheus-iap.yml
deleted file mode 100644
index 5aff3f35201..00000000000
--- a/changelogs/unreleased/security-ssrf-prometheus-iap.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent Server-side Request Forgery for Prometheus when secured by Google IAP
-merge_request:
-author:
-type: security