diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-08 00:10:08 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-08 00:10:08 +0300 |
| commit | 3a966afb3ea2ef7a98bdc389e0dc906ef4bf0273 (patch) | |
| tree | e22ca72e41a6d2eaca58ac9cc1390e5f8114ac1f /CHANGELOG.md | |
| parent | 39d41e02dca2139d0bbd88165affd818c9c82fb6 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b0c4b07275..7907185aa10 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,22 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.6.2 (2020-12-07) + +### Security (10 changes) + +- Validate zoom links to start with https only. !1055 +- Require at least 3 characters when searching for project in the Explore page. +- Do not show emails of users in confirmation page. +- Forbid setting a gitlabUserList strategy to a list from another project. +- Fix mermaid resource consumption in GFM fields. +- Ensure group and project memberships are not leaked via API for users with private profiles. +- GraphQL User: do not expose email if set to private. +- Filter search parameter to prevent data leaks. +- Do not expose starred projects of users with private profile via API. +- Do not show starred & contributed projects of users with private profile. + + ## 13.6.1 (2020-11-23) ### Fixed (5 changes) @@ -529,6 +545,22 @@ entry. - Change wording on the project remove fork page. !47878 +## 13.5.5 (2020-12-07) + +### Security (10 changes) + +- Validate zoom links to start with https only. !1055 +- Require at least 3 characters when searching for project in the Explore page. +- Do not show emails of users in confirmation page. +- Forbid setting a gitlabUserList strategy to a list from another project. +- Fix mermaid resource consumption in GFM fields. +- Ensure group and project memberships are not leaked via API for users with private profiles. +- GraphQL User: do not expose email if set to private. +- Filter search parameter to prevent data leaks. +- Do not expose starred projects of users with private profile via API. +- Do not show starred & contributed projects of users with private profile. + + ## 13.5.4 (2020-11-13) ### Fixed (4 changes) @@ -1148,6 +1180,22 @@ entry. - Bump cluster applications CI template. !45472 +## 13.4.7 (2020-12-07) + +### Security (10 changes) + +- Validate zoom links to start with https only. !1055 +- Require at least 3 characters when searching for project in the Explore page. +- Do not show emails of users in confirmation page. +- Forbid setting a gitlabUserList strategy to a list from another project. +- Fix mermaid resource consumption in GFM fields. +- Ensure group and project memberships are not leaked via API for users with private profiles. +- GraphQL User: do not expose email if set to private. +- Filter search parameter to prevent data leaks. +- Do not expose starred projects of users with private profile via API. +- Do not show starred & contributed projects of users with private profile. + + ## 13.4.6 (2020-11-03) ### Fixed (1 change) |