From b1774ad36a965ba5077db6db11e13f2837284158 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 13 Apr 2021 21:42:31 +0000 Subject: Add latest changes from gitlab-org/security/gitlab@13-10-stable-ee --- CHANGELOG.md | 9 +++++++++ GITALY_SERVER_VERSION | 2 +- changelogs/unreleased/content-type-check.yml | 5 ----- changelogs/unreleased/security-327154-only-jpeg-tiff.yml | 5 ----- changelogs/unreleased/security-ruby-saml-auth-bypass-fix.yml | 5 ----- vendor/gitignore/C++.gitignore | 0 vendor/gitignore/Java.gitignore | 0 7 files changed, 10 insertions(+), 16 deletions(-) delete mode 100644 changelogs/unreleased/content-type-check.yml delete mode 100644 changelogs/unreleased/security-327154-only-jpeg-tiff.yml delete mode 100644 changelogs/unreleased/security-ruby-saml-auth-bypass-fix.yml mode change 100755 => 100644 vendor/gitignore/C++.gitignore mode change 100755 => 100644 vendor/gitignore/Java.gitignore diff --git a/CHANGELOG.md b/CHANGELOG.md index fdc5bc57090..d80a50862b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,15 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.10.3 (2021-04-13) + +### Security (3 changes) + +- Check image content type before running exiftool in workhorse. +- Clean only legitimate JPG and TIFF files. +- Update ruby-saml and rexml gems. + + ## 13.10.2 (2021-04-01) ### Fixed (1 change) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index beab324ba37..dee21658a83 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -13.10.2 \ No newline at end of file +13.10.3 \ No newline at end of file diff --git a/changelogs/unreleased/content-type-check.yml b/changelogs/unreleased/content-type-check.yml deleted file mode 100644 index cac49ad2ab0..00000000000 --- a/changelogs/unreleased/content-type-check.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Check image content type before running exiftool in workhorse -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-327154-only-jpeg-tiff.yml b/changelogs/unreleased/security-327154-only-jpeg-tiff.yml deleted file mode 100644 index 1751bd735bf..00000000000 --- a/changelogs/unreleased/security-327154-only-jpeg-tiff.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Clean only legitimate JPG and TIFF files -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-ruby-saml-auth-bypass-fix.yml b/changelogs/unreleased/security-ruby-saml-auth-bypass-fix.yml deleted file mode 100644 index 6f7d3c809c7..00000000000 --- a/changelogs/unreleased/security-ruby-saml-auth-bypass-fix.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Update ruby-saml and rexml gems -merge_request: -author: -type: security diff --git a/vendor/gitignore/C++.gitignore b/vendor/gitignore/C++.gitignore old mode 100755 new mode 100644 diff --git a/vendor/gitignore/Java.gitignore b/vendor/gitignore/Java.gitignore old mode 100755 new mode 100644 -- cgit v1.2.1