diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-04 19:53:44 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-04 19:53:44 +0300 |
commit | 4e3a54f835daa49bf784d6e6ad91e90116a24dc8 (patch) | |
tree | 8e1f7be7a80da2de02b2da0ed88f81b2f6b6de8c /changelogs | |
parent | aefe6486cf0d193067112b90145083d73b96bfef (diff) |
Add latest changes from gitlab-org/security/gitlab@13-6-stable-ee
Diffstat (limited to 'changelogs')
4 files changed, 20 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-hide-email-in-confirmation-page.yml b/changelogs/unreleased/security-hide-email-in-confirmation-page.yml new file mode 100644 index 00000000000..b8f448acfcd --- /dev/null +++ b/changelogs/unreleased/security-hide-email-in-confirmation-page.yml @@ -0,0 +1,5 @@ +--- +title: Do not show emails of users in confirmation page +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-project-import-zoom-xss.yml b/changelogs/unreleased/security-project-import-zoom-xss.yml new file mode 100644 index 00000000000..4f4d7f14b6b --- /dev/null +++ b/changelogs/unreleased/security-project-import-zoom-xss.yml @@ -0,0 +1,5 @@ +--- +title: Validate zoom links to start with https only +merge_request: 1055 +author: +type: security diff --git a/changelogs/unreleased/security-starred-projects-api-fix.yml b/changelogs/unreleased/security-starred-projects-api-fix.yml new file mode 100644 index 00000000000..efb12998393 --- /dev/null +++ b/changelogs/unreleased/security-starred-projects-api-fix.yml @@ -0,0 +1,5 @@ +--- +title: Do not expose starred projects of users with private profile via API +merge_request: +author: +type: security diff --git a/changelogs/unreleased/security-starred-projects-private-profile.yml b/changelogs/unreleased/security-starred-projects-private-profile.yml new file mode 100644 index 00000000000..1fb47dce518 --- /dev/null +++ b/changelogs/unreleased/security-starred-projects-private-profile.yml @@ -0,0 +1,5 @@ +--- +title: Do not show starred & contributed projects of users with private profile +merge_request: +author: +type: security |