Update CHANGELOG.md for 12.10.13

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-07-01 16:00:52 +0300
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-07-01 16:00:52 +0300
commit: a8daaa442933f0972b0a31f8452f109d9f4f5f54 (patch)
tree: 0a2d67783d7c710808e076bbb4e21b2f22898fab /CHANGELOG.md
parent: 41f3fb9648c936a67960219dd3f4bba692bd3bf4 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bdd0c631b67..42e1e6e19ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,27 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 12.10.13 (2020-07-01)
+
+### Security (15 changes)
+
+- Do not show activity for users with private profiles.
+- Fix stored XSS in markdown renderer.
+- Upgrade swagger-ui to solve XSS issues.
+- Fix group deploy token API authorizations.
+- Check access when sending TODOs related to merge requests.
+- Change from hybrid to JSON cookies serializer.
+- Prevent XSS in group name validations.
+- Disable caching for wiki attachments.
+- Fix null byte error in upload path.
+- Update permissions for time tracking endpoints.
+- Update Kaminari gem.
+- Fix note author name rendering.
+- Sanitize bitbucket repo urls to mitigate XSS.
+- Stored XSS on the Error Tracking page.
+- Fix security issue when rendering issuable.
+
+
 ## 12.10.12 (2020-06-24)
 
 ### Fixed (1 change)
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2020-07-01 16:00:52 +0300
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2020-07-01 16:00:52 +0300
commit	a8daaa442933f0972b0a31f8452f109d9f4f5f54 (patch)
tree	0a2d67783d7c710808e076bbb4e21b2f22898fab /CHANGELOG.md
parent	41f3fb9648c936a67960219dd3f4bba692bd3bf4 (diff)