diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 10:08:36 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 10:08:36 +0300 |
| commit | 48aff82709769b098321c738f3444b9bdaa694c6 (patch) | |
| tree | e00c7c43e2d9b603a5a6af576b1685e400410dee /CHANGELOG.md | |
| parent | 879f5329ee916a948223f8f43d77fba4da6cd028 (diff) | |
Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 56 |
1 files changed, 20 insertions, 36 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 7d8186407f5..44e2be627ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,42 +23,6 @@ entry. - Fix large backups not working with Azure Blob storage. !44233 -## 13.4.2 (2020-10-01) - -### Security (14 changes) - -- Do not store session id in Redis. -- Fix permission checks when updating confidentiality and milestone on issues or merge requests. -- Purge unaccepted member invitations older than 90 days. -- Adds feature flags plan limits. -- Prevent SVG XSS via Web IDE. -- Ensure user has no solo owned groups before triggering account deletion. -- Security fix safe params helper. -- Do not bypass admin mode when authenticated with deploy token. -- Fixes release asset link filepath ReDoS. -- Ensure global ID is of Annotation type in GraphQL destroy mutation. -- Validate that membership expiry dates are not in the past. -- Rate limit adding new email and re-sending email confirmation. -- Fix redaction of confidential Todos. -- Update GitLab Runner Helm Chart to 0.20.2. - - -## 13.4.1 (2020-09-24) - -### Fixed (2 changes) - -- Revert required encryption on CI runner tokens. !42623 -- Allow Unleash clients to request feature flags when repository is private. !43059 - -### Added (1 change) - -- Add missing fontawesome file icon classes. !43091 - -### Other (1 change) - -- Notifications icon: Render empty string for custom setting. !42848 - - ## 13.4.0 (2020-09-22) ### Security (2 changes, 1 of them is from the community) @@ -1283,6 +1247,26 @@ entry. - Replace fa-pencil icon with GitLab SVG. !39648 +## 13.2.10 (2020-10-01) + +### Security (14 changes) + +- Do not store session id in Redis. +- Fix permission checks when updating confidentiality and milestone on issues or merge requests. +- Purge unaccepted member invitations older than 90 days. +- Adds feature flags plan limits. +- Prevent SVG XSS via Web IDE. +- Ensure user has no solo owned groups before triggering account deletion. +- Security fix safe params helper. +- Do not bypass admin mode when authenticated with deploy token. +- Fixes release asset link filepath ReDoS. +- Ensure global ID is of Annotation type in GraphQL destroy mutation. +- Validate that membership expiry dates are not in the past. +- Rate limit adding new email and re-sending email confirmation. +- Fix redaction of confidential Todos. +- Update GitLab Runner Helm Chart to 0.19.4. + + ## 13.2.8 (2020-09-02) ### Security (1 change) |