From d8714cf67ce4db786b26b64f0f0bef50fb6976e6 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Tue, 2 Feb 2021 00:09:14 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- CHANGELOG.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index fd6150af203..b5f1235d615 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.8.2 (2021-02-01) + +### Security (5 changes) + +- Filter sensitive GraphQL variables from logs. +- Avoid exposing release links when the user cannot read git-tag/repository. +- Sanitize target branch on MR page. +- Fix DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting. +- Add routes for unmatched url for not-get requests. + + ## 13.8.1 (2021-01-26) ### Fixed (3 changes) @@ -368,6 +379,17 @@ entry. - Add verbiage + link sast to show it's in core. !51935 +## 13.7.6 (2021-02-01) + +### Security (5 changes) + +- Filter sensitive GraphQL variables from logs. +- Avoid exposing release links when the user cannot read git-tag/repository. +- Sanitize target branch on MR page. +- Fix DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting. +- Add routes for unmatched url for not-get requests. + + ## 13.7.5 (2021-01-25) ### Fixed (2 changes, 1 of them is from the community) @@ -878,6 +900,17 @@ entry. - Update GitLab Workhorse to v8.57.0. +## 13.6.6 (2021-02-01) + +### Security (5 changes) + +- Filter sensitive GraphQL variables from logs. +- Avoid exposing release links when the user cannot read git-tag/repository. +- Sanitize target branch on MR page. +- Fix DNS rebinding protection bypass when allowing an IP address in Outbound Requests setting. +- Add routes for unmatched url for not-get requests. + + ## 13.6.5 (2021-01-13) ### Security (1 change) -- cgit v1.2.3