diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-19 11:27:35 +0300 |
| commit | 7e9c479f7de77702622631cff2628a9c8dcbc627 (patch) | |
| tree | c8f718a08e110ad7e1894510980d2155a6549197 /CHANGELOG.md | |
| parent | e852b0ae16db4052c1c567d9efa4facc81146e88 (diff) | |
Add latest changes from gitlab-org/gitlab@13-6-stable-eev13.6.0-rc42
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b6c4582b5e..9f919fc9fd6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -621,6 +621,32 @@ entry. - Bump cluster applications CI template. !45472 +## 13.4.6 (2020-11-03) + +### Fixed (1 change) + +- Auto Deploy: fixes issues for fetching other charts from stable repo. !46531 + +### Other (1 change) + +- GitLab-managed apps: Use GitLab's repo as replacement for the Helm stable repo. !44875 + + +## 13.4.5 (2020-11-02) + +### Security (9 changes) + +- Add CSRF protection to runner pause and resume. !1021 +- Do not expose Terraform state record in API. +- Path traversal to RCE via LFS upload. +- Update container_repository_name_regex to prevent catastrophic backtracking. +- Validate nuget package names. +- Prevent private repo from being accessed via internal Kubernetes API. +- Validate each upload param key in multipart.rb. +- Fix XSS vulnerability for job build dependencies. +- Fix unauthorized user is able to access schedule pipeline variables and values. + + ## 13.4.4 (2020-10-15) ### Fixed (2 changes) @@ -1279,6 +1305,37 @@ entry. - Expand the visible highlight for collapsed diffs (re: !41393). !42343 +## 13.3.9 (2020-11-02) + +### Security (9 changes) + +- Add CSRF protection to runner pause and resume. !1021 +- Do not expose Terraform state record in API. +- Path traversal to RCE via LFS upload. +- Update container_repository_name_regex to prevent catastrophic backtracking. +- Validate nuget package names. +- Prevent private repo from being accessed via internal Kubernetes API. +- Validate each upload param key in multipart.rb. +- Fix XSS vulnerability for job build dependencies. +- Fix unauthorized user is able to access schedule pipeline variables and values. + + +## 13.3.8 (2020-10-21) + +### Fixed (2 changes) + +- Make SSH keys publicly accessible. !42288 +- Revert required encryption on CI runner tokens. !42623 + +### Added (1 change) + +- Add missing fontawesome file icon classes. !43091 + +### Other (1 change) + +- GitLab-managed apps: Use GitLab's repo as replacement for the Helm stable repo. !44875 + + ## 13.3.4 (2020-09-02) ### Security (1 change) |