Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ce665eb7fcc..742a3a2d972 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -610,6 +610,18 @@ entry. - Apply new GitLab UI for buttons in pipeline schedules. +## 13.8.5 (2021-03-04) + +### Security (6 changes) + +- Fix XSS in wiki author email and name. +- Bump thrift gem to 0.14.0. +- Allow only owners to manage group variables. +- Do not store marshalled sessions ids in Redis. +- Workhorse: prevent escaped router path traversal. +- Fix XSS vulnerability for swagger file viewer. + + ## 13.8.4 (2021-02-11) ### Security (9 changes) @@ -1010,6 +1022,17 @@ entry. - Add verbiage + link sast to show it's in core. !51935 +## 13.7.8 (2021-03-04) + +### Security (5 changes) + +- Bump thrift gem to 0.14.0. +- Allow only owners to manage group variables. +- Do not store marshalled sessions ids in Redis. +- Workhorse: prevent escaped router path traversal. +- Fix XSS vulnerability for swagger file viewer. + + ## 13.7.7 (2021-02-11) ### Security (9 changes) |
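Review bot: In the first hunk (13.8.5), the entry "Do not store marshalled sessions ids in Redis." has a wording slip; "session IDs" reads correctly and is easier to search for. None of the six security entries carries a merge request reference, while the context line "- Add verbiage + link sast to show it's in core. !51935" does. If the references are withheld on purpose for security releases, that is fine; otherwise add them so each fix can be traced from the changelog.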
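Review bot: The second hunk (13.7.8) lists five security changes and leaves out "Fix XSS in wiki author email and name.", which the 13.8.5 section with the same date (2021-03-04) includes. Please confirm that the omission is intended, meaning the wiki XSS fix does not apply to the 13.7 line, and that the entry was not dropped while preparing the backport changelog. The same "sessions ids" wording is repeated here and should be corrected in both sections together.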