Add latest changes from gitlab-org/security/gitlab@13-6-stable-ee

4 files changed, 20 insertions, 0 deletions

diff --git a/changelogs/unreleased/security-hide-email-in-confirmation-page.yml b/changelogs/unreleased/security-hide-email-in-confirmation-page.yml
new file mode 100644
index 00000000000..b8f448acfcd
--- /dev/null
+++ b/changelogs/unreleased/security-hide-email-in-confirmation-page.yml
@@ -0,0 +1,5 @@
+---
+title: Do not show emails of users in confirmation page
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-project-import-zoom-xss.yml b/changelogs/unreleased/security-project-import-zoom-xss.yml
new file mode 100644
index 00000000000..4f4d7f14b6b
--- /dev/null
+++ b/changelogs/unreleased/security-project-import-zoom-xss.yml
@@ -0,0 +1,5 @@
+---
+title: Validate zoom links to start with https only
+merge_request: 1055
+author:
+type: security
diff --git a/changelogs/unreleased/security-starred-projects-api-fix.yml b/changelogs/unreleased/security-starred-projects-api-fix.yml
new file mode 100644
index 00000000000..efb12998393
--- /dev/null
+++ b/changelogs/unreleased/security-starred-projects-api-fix.yml
@@ -0,0 +1,5 @@
+---
+title: Do not expose starred projects of users with private profile via API
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-starred-projects-private-profile.yml b/changelogs/unreleased/security-starred-projects-private-profile.yml
new file mode 100644
index 00000000000..1fb47dce518
--- /dev/null
+++ b/changelogs/unreleased/security-starred-projects-private-profile.yml
@@ -0,0 +1,5 @@
+---
+title: Do not show starred & contributed projects of users with private profile
+merge_request:
+author:
+type: security