gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-11 11:24:28 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-11 11:24:28 +0300
commit: f0c6c69c3599705733ba1960f48472cf23038d65
tree: 9bb2ea592ea566a15fdc8c7c72eb9fe846c7dedb
parent: bdfa4bb404713970ab3bfba3eab526495a60aa98

Add latest changes from gitlab-org/security/gitlab@13-7-stable-ee
v13.7.7

-rw-r--r-- CHANGELOG.md 15
-rw-r--r-- GITALY_SERVER_VERSION 2
-rw-r--r-- changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml 5
-rw-r--r-- changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml 5
-rw-r--r-- changelogs/unreleased/security-confidential-titles.yml 5
-rw-r--r-- changelogs/unreleased/security-fix-unauthenticated-lint.yml 5
-rw-r--r-- changelogs/unreleased/security-limit-fscanl.yml 5
-rw-r--r-- changelogs/unreleased/security-limit-invitations.yml 5
-rw-r--r-- changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml 5
-rw-r--r-- changelogs/unreleased/security-ssl-verification-ftc.yml 5
-rw-r--r-- changelogs/unreleased/security-ssrf-prometheus-iap.yml 5
11 files changed, 16 insertions, 46 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 799070f03ac..9b5728c53a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 13.7.7 (2021-02-11)
+
+### Security (9 changes)
+
+- Cancel running and pending jobs when a project is deleted. !1220
+- Prevent Denial of Service Attack on gitlab-shell.
+- Prevent exposure of confidential issue titles in file browser.
+- Updates authorization for linting API.
+- Check user access on API merge request read actions.
+- Limit daily invitations to groups and projects.
+- Enforce the analytics enabled project setting for project-level analytics features.
+- Perform SSL verification for FortiTokenCloud Integration.
+- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP.
+
+
## 13.7.6 (2021-02-01)
### Security (5 changes)
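Review bot: Of the nine entries added under "### Security (9 changes)", only "Cancel running and pending jobs when a project is deleted. !1220" carries a merge request reference, so the other eight cannot be traced from the changelog to the change that fixed them. If references are deliberately withheld for security fixes, the !1220 entry is the exception and should be treated the same way; otherwise the remaining entries should carry theirs. The section also ends with two added blank lines before "## 13.7.6 (2021-02-01)"; one is enough.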
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index d516d031f12..097a182f11e 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-13.7.6 \ No newline at end of file
+13.7.7 \ No newline at end of file
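Review bot: The bump from 13.7.6 to 13.7.7 is not accounted for anywhere else in this commit: none of the nine entries added to CHANGELOG.md names Gitaly, and the commit subject only says "Add latest changes". A line stating which fix the new Gitaly version brings in would let an operator judge whether the Gitaly upgrade is security-relevant on its own. The file is also still written without a trailing newline on both sides of the change, so every consumer has to strip whitespace when reading the version.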
diff --git a/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml b/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml
deleted file mode 100644
index de92707cb8f..00000000000
--- a/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Cancel running and pending jobs when a project is deleted
-merge_request: 1220
-author:
-type: security
diff --git a/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml b/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml
deleted file mode 100644
index c1174904018..00000000000
--- a/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Check user access on API merge request read actions
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-confidential-titles.yml b/changelogs/unreleased/security-confidential-titles.yml
deleted file mode 100644
index 506cbc095c4..00000000000
--- a/changelogs/unreleased/security-confidential-titles.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent exposure of confidential issue titles in file browser
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-unauthenticated-lint.yml b/changelogs/unreleased/security-fix-unauthenticated-lint.yml
deleted file mode 100644
index 94521ba7ec9..00000000000
--- a/changelogs/unreleased/security-fix-unauthenticated-lint.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Updates authorization for linting API
-merge_request:
-author:
-type: security
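Review bot: The title "Updates authorization for linting API" does not tell an administrator what changed or whether they were exposed; the file name (security-fix-unauthenticated-lint) says more than the entry that ends up in CHANGELOG.md. Suggest phrasing the title in the imperative like the other entries and stating the access change it makes. The empty "merge_request:" field also leaves the entry with no reference to follow.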
diff --git a/changelogs/unreleased/security-limit-fscanl.yml b/changelogs/unreleased/security-limit-fscanl.yml
deleted file mode 100644
index 92a2000c1b6..00000000000
--- a/changelogs/unreleased/security-limit-fscanl.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent Denial of Service Attack on gitlab-shell
-merge_request:
-author:
-type: security
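Review bot: The title names gitlab-shell as the affected component, but "merge_request:" is empty and, going by this commit's file list, the only component version file touched is GITALY_SERVER_VERSION, so nothing visible here shows where the fix ships. The entry should reference the change that carries the fix, and the title could state what is now limited (the file name points at an input-reading limit) so operators know which versions of the component are covered.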
diff --git a/changelogs/unreleased/security-limit-invitations.yml b/changelogs/unreleased/security-limit-invitations.yml
deleted file mode 100644
index 353d1cec727..00000000000
--- a/changelogs/unreleased/security-limit-invitations.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Limit daily invitations to groups and projects
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml b/changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml
deleted file mode 100644
index 46373d314fd..00000000000
--- a/changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Enforce the analytics enabled project setting for project-level analytics features
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-ssl-verification-ftc.yml b/changelogs/unreleased/security-ssl-verification-ftc.yml
deleted file mode 100644
index b87d40124d0..00000000000
--- a/changelogs/unreleased/security-ssl-verification-ftc.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Perform SSL verification for FortiTokenCloud Integration
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-ssrf-prometheus-iap.yml b/changelogs/unreleased/security-ssrf-prometheus-iap.yml
deleted file mode 100644
index 5aff3f35201..00000000000
--- a/changelogs/unreleased/security-ssrf-prometheus-iap.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent Server-side Request Forgery for Prometheus when secured by Google IAP
-merge_request:
-author:
-type: security