Update CHANGELOG.md for 13.0.1

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-05-27 15:03:10 +0300
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2020-05-27 15:03:10 +0300
commit: 05cd30f6ce17e8fdaad2d27aef645dd463f17ecc (patch)
tree: 0b3778e4204551cb5dd2cc6e1a980531077458f5 /CHANGELOG.md
parent: 171d7a36cc5c7f0f7e5810bae180baa26352c665 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d192f143f21..406d1c3ec86 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.0.1 (2020-05-27)
+
+### Security (12 changes)
+
+- Add an extra validation to Static Site Editor payload.
+- Hide EKS secret key in admin integrations settings.
+- Added data integrity check before updating a deploy key.
+- Display only verified emails on notifications and profile page.
+- Require confirmed email address for GitLab OAuth authentication.
+- Kubernetes cluster details page no longer exposes Service Token.
+- Fix confirming unverified emails with soft email confirmation flow enabled.
+- Disallow user to control PUT request using mermaid markdown in issue description.
+- Check forked project permissions before allowing fork.
+- Limit memory footprint of a command that generates ZIP artifacts metadata.
+- Fix file enuming using Group Import.
+- Prevent XSS in the monitoring dashboard.
+
+
 ## 13.0.0 (2020-05-22)
 
 ### Removed (20 changes, 5 of them are from the community)
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2020-05-27 15:03:10 +0300
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2020-05-27 15:03:10 +0300
commit	05cd30f6ce17e8fdaad2d27aef645dd463f17ecc (patch)
tree	0b3778e4204551cb5dd2cc6e1a980531077458f5 /CHANGELOG.md
parent	171d7a36cc5c7f0f7e5810bae180baa26352c665 (diff)