diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-07-01 16:00:52 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2020-07-01 16:00:52 +0300 |
commit | a8daaa442933f0972b0a31f8452f109d9f4f5f54 (patch) | |
tree | 0a2d67783d7c710808e076bbb4e21b2f22898fab /CHANGELOG.md | |
parent | 41f3fb9648c936a67960219dd3f4bba692bd3bf4 (diff) |
Update CHANGELOG.md for 12.10.13
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index bdd0c631b67..42e1e6e19ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,27 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 12.10.13 (2020-07-01) + +### Security (15 changes) + +- Do not show activity for users with private profiles. +- Fix stored XSS in markdown renderer. +- Upgrade swagger-ui to solve XSS issues. +- Fix group deploy token API authorizations. +- Check access when sending TODOs related to merge requests. +- Change from hybrid to JSON cookies serializer. +- Prevent XSS in group name validations. +- Disable caching for wiki attachments. +- Fix null byte error in upload path. +- Update permissions for time tracking endpoints. +- Update Kaminari gem. +- Fix note author name rendering. +- Sanitize bitbucket repo urls to mitigate XSS. +- Stored XSS on the Error Tracking page. +- Fix security issue when rendering issuable. + + ## 12.10.12 (2020-06-24) ### Fixed (1 change) |