From c93927607f55350f2e2af4bdaf03ff9dba80ab1d Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 31 Mar 2021 12:23:42 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@13-10-stable-ee

---
 CHANGELOG.md | 22 ++++++++++++++++++++++
 GITALY_SERVER_VERSION | 2 +-
 changelogs/unreleased/mimemagic_shim.yml | 5 -----
 .../remove-direct-mimemagic-dependency-minimal.yml | 5 -----
 .../remove-direct-mimemagic-dependency.yml | 5 -----
 changelogs/unreleased/remove_hipchat_gem.yml | 5 -----
 .../unreleased/security-fix-xss-in-mr-sidebar.yml | 5 -----
 .../security-id-leave-pool-for-private-forks.yml | 5 -----
 .../security-kroki-arbitraryfile-read-write.yml | 5 -----
 ...security-projects-branch-collaboration-loop.yml | 5 -----
 .../security-sh-json-validator-open-uri-patch.yml | 5 -----
 .../security-trigger-system-hook-by-post.yml | 5 -----
 12 files changed, 23 insertions(+), 51 deletions(-)
 delete mode 100644 changelogs/unreleased/mimemagic_shim.yml
 delete mode 100644 changelogs/unreleased/remove-direct-mimemagic-dependency-minimal.yml
 delete mode 100644 changelogs/unreleased/remove-direct-mimemagic-dependency.yml
 delete mode 100644 changelogs/unreleased/remove_hipchat_gem.yml
 delete mode 100644 changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml
 delete mode 100644 changelogs/unreleased/security-id-leave-pool-for-private-forks.yml
 delete mode 100644 changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml
 delete mode 100644 changelogs/unreleased/security-projects-branch-collaboration-loop.yml
 delete mode 100644 changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml
 delete mode 100644 changelogs/unreleased/security-trigger-system-hook-by-post.yml

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a86c95e163c..e6d382fef4b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,28 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry.
+## 13.10.1 (2021-03-31)
+
+### Security (6 changes)
+
+- Leave pool repository on fork unlinking.
+- Fixed XSS in merge requests sidebar.
+- Fix arbitrary read/write in AsciiDoctor and Kroki gems.
+- Prevent infinite loop when checking if collaboration is allowed.
+- Disable arbitrary URI and file reads in JSON validator.
+- Require POST request to trigger system hooks.
+
+### Removed (1 change)
+
+- Make HipChat project service do nothing. !57434
+
+### Other (3 changes)
+
+- Remove direct mimemagic dependency. !57387
+- Refactor MimeMagic calls to new MimeType class. !57421
+- Switch to using a fake mimemagic gem. !57443
+
+
 ## 13.10.0 (2021-03-22)
 ### Security (3 changes)
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 04f98b43cda..306c8f502bc 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-13.10.0
\ No newline at end of file
+13.10.1
\ No newline at end of file
diff --git a/changelogs/unreleased/mimemagic_shim.yml b/changelogs/unreleased/mimemagic_shim.yml
deleted file mode 100644
index 0376122f0ce..00000000000
--- a/changelogs/unreleased/mimemagic_shim.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Switch to using a fake mimemagic gem
-merge_request: 57443
-author:
-type: other
diff --git a/changelogs/unreleased/remove-direct-mimemagic-dependency-minimal.yml b/changelogs/unreleased/remove-direct-mimemagic-dependency-minimal.yml
deleted file mode 100644
index 727887f7e7b..00000000000
--- a/changelogs/unreleased/remove-direct-mimemagic-dependency-minimal.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Refactor MimeMagic calls to new MimeType class
-merge_request: 57421
-author:
-type: other
diff --git a/changelogs/unreleased/remove-direct-mimemagic-dependency.yml b/changelogs/unreleased/remove-direct-mimemagic-dependency.yml
deleted file mode 100644
index 5194dfdf751..00000000000
--- a/changelogs/unreleased/remove-direct-mimemagic-dependency.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Remove direct mimemagic dependency
-merge_request: 57387
-author:
-type: other
diff --git a/changelogs/unreleased/remove_hipchat_gem.yml b/changelogs/unreleased/remove_hipchat_gem.yml
deleted file mode 100644
index 21a5db3bb5a..00000000000
--- a/changelogs/unreleased/remove_hipchat_gem.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Make HipChat project service do nothing
-merge_request: 57434
-author:
-type: removed
diff --git a/changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml b/changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml
deleted file mode 100644
index a04c1038877..00000000000
--- a/changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fixed XSS in merge requests sidebar
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-id-leave-pool-for-private-forks.yml b/changelogs/unreleased/security-id-leave-pool-for-private-forks.yml
deleted file mode 100644
index df4688583d4..00000000000
--- a/changelogs/unreleased/security-id-leave-pool-for-private-forks.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Leave pool repository on fork unlinking
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml b/changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml
deleted file mode 100644
index acefc5e6fac..00000000000
--- a/changelogs/unreleased/security-kroki-arbitraryfile-read-write.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix arbitrary read/write in AsciiDoctor and Kroki gems
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-projects-branch-collaboration-loop.yml b/changelogs/unreleased/security-projects-branch-collaboration-loop.yml
deleted file mode 100644
index 607bd37d2f6..00000000000
--- a/changelogs/unreleased/security-projects-branch-collaboration-loop.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent infinite loop when checking if collaboration is allowed
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml b/changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml
deleted file mode 100644
index bf51ad66174..00000000000
--- a/changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disable arbitrary URI and file reads in JSON validator
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-trigger-system-hook-by-post.yml b/changelogs/unreleased/security-trigger-system-hook-by-post.yml
deleted file mode 100644
index c86b9bd40f8..00000000000
--- a/changelogs/unreleased/security-trigger-system-hook-by-post.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Require POST request to trigger system hooks
-merge_request:
-author:
-type: security
-- 
cgit v1.2.1