From ac9a8518364e91d64cb01732bf41896b6d2912b6 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Tue, 30 Mar 2021 22:42:44 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@13-10-stable-ee
---
changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml | 5 +++++
changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml | 5 +++++
2 files changed, 10 insertions(+)
create mode 100644 changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml
create mode 100644 changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml
(limited to 'changelogs')
diff --git a/changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml b/changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml
new file mode 100644
index 00000000000..a04c1038877
--- /dev/null
+++ b/changelogs/unreleased/security-fix-xss-in-mr-sidebar.yml
@@ -0,0 +1,5 @@
+---
+title: Fixed XSS in merge requests sidebar
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml b/changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml
new file mode 100644
index 00000000000..bf51ad66174
--- /dev/null
+++ b/changelogs/unreleased/security-sh-json-validator-open-uri-patch.yml
@@ -0,0 +1,5 @@
+---
+title: Disable arbitrary URI and file reads in JSON validator
+merge_request:
+author:
+type: security
--
cgit v1.2.1