1 files changed, 32 insertions, 0 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b676ddad5fa..5383491ffe5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -560,6 +560,22 @@ entry.
 - Change wording on the project remove fork page. !47878
 
 
+## 13.5.5 (2020-12-07)
+
+### Security (10 changes)
+
+- Validate zoom links to start with https only. !1055
+- Require at least 3 characters when searching for project in the Explore page.
+- Do not show emails of users in confirmation page.
+- Forbid setting a gitlabUserList strategy to a list from another project.
+- Fix mermaid resource consumption in GFM fields.
+- Ensure group and project memberships are not leaked via API for users with private profiles.
+- GraphQL User: do not expose email if set to private.
+- Filter search parameter to prevent data leaks.
+- Do not expose starred projects of users with private profile via API.
+- Do not show starred & contributed projects of users with private profile.
+
+
 ## 13.5.4 (2020-11-13)
 
 ### Fixed (4 changes)
@@ -1179,6 +1195,22 @@ entry.
 - Bump cluster applications CI template. !45472
 
 
+## 13.4.7 (2020-12-07)
+
+### Security (10 changes)
+
+- Validate zoom links to start with https only. !1055
+- Require at least 3 characters when searching for project in the Explore page.
+- Do not show emails of users in confirmation page.
+- Forbid setting a gitlabUserList strategy to a list from another project.
+- Fix mermaid resource consumption in GFM fields.
+- Ensure group and project memberships are not leaked via API for users with private profiles.
+- GraphQL User: do not expose email if set to private.
+- Filter search parameter to prevent data leaks.
+- Do not expose starred projects of users with private profile via API.
+- Do not show starred & contributed projects of users with private profile.
+
+
 ## 13.4.6 (2020-11-03)
 
 ### Fixed (1 change)