diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-05 21:10:10 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-05 21:10:10 +0300 |
| commit | ea4766228b5536c83f1917d6058be913472ffa2d (patch) | |
| tree | 5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /CHANGELOG.md | |
| parent | 4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff) | |
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6055223dfde..37984938590 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,21 @@ entry. ## 13.2.3 (2020-08-05) -- No changes. +### Security (12 changes) + +- Update kramdown gem to version 2.3.0. +- Enforce 2FA on Doorkeeper controllers. +- Revoke OAuth grants when a user revokes an application. +- Refresh project authorizations when transferring groups. +- Stop excess logs from failure to send invite email when group no longer exists. +- Verify confirmed email for OAuth Authorize POST endpoint. +- Fix XSS in Markdown reference tooltips. +- Fix XSS in milestone tooltips. +- Fix xss vulnerability on jobs view. +- Block 40-character hexadecimal branches. +- Prevent a temporary access escalation before group memberships are recalculated when specialized project share workers are enabled. +- Update GitLab Runner Helm Chart to 0.18.2. + ## 13.2.2 (2020-07-29) |