Update CHANGELOG.md for 13.2.10

[ci skip]
parent 76858efa
...@@ -1226,6 +1226,26 @@ entry. ...@@ -1226,6 +1226,26 @@ entry.
- Replace fa-pencil icon with GitLab SVG. !39648 - Replace fa-pencil icon with GitLab SVG. !39648
## 13.2.10 (2020-10-01)
### Security (14 changes)
- Do not store session id in Redis.
- Fix permission checks when updating confidentiality and milestone on issues or merge requests.
- Purge unaccepted member invitations older than 90 days.
- Adds feature flags plan limits.
- Prevent SVG XSS via Web IDE.
- Ensure user has no solo owned groups before triggering account deletion.
- Security fix safe params helper.
- Do not bypass admin mode when authenticated with deploy token.
- Fixes release asset link filepath ReDoS.
- Ensure global ID is of Annotation type in GraphQL destroy mutation.
- Validate that membership expiry dates are not in the past.
- Rate limit adding new email and re-sending email confirmation.
- Fix redaction of confidential Todos.
- Update GitLab Runner Helm Chart to 0.19.4.
## 13.2.8 (2020-09-02) ## 13.2.8 (2020-09-02)
### Security (1 change) ### Security (1 change)
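Review bot: Three of the added 13.2.10 entries read differently from the rest of the list and one of them does not say what changed: "Security fix safe params helper" names a helper but not the behaviour that was fixed, while "Adds feature flags plan limits" and "Fixes release asset link filepath ReDoS" use third person where the other entries use the imperative ("Prevent ...", "Ensure ...", "Validate ..."). Consider rewording these to the imperative form and stating the fixed behaviour for the safe params entry. Note also that none of the 14 entries carries a merge request reference, unlike the context line above them ("!39648"); if that is intentional for security entries, it is worth stating in the commit message so readers do not assume the references were dropped by mistake.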
......
---
title: Do not store session id in Redis
merge_request:
author:
type: security
---
title: Fix permission checks when updating confidentiality and milestone on issues
or merge requests
merge_request:
author:
type: security
---
title: Purge unaccepted member invitations older than 90 days
merge_request:
author:
type: security
---
title: Adds feature flags plan limits
merge_request:
author:
type: security
---
title: Prevent SVG XSS via Web IDE
merge_request:
author:
type: security
---
title: Ensure user has no solo owned groups before triggering account deletion
merge_request:
author:
type: security
---
title: Security fix safe params helper
author:
type: security
---
title: Do not bypass admin mode when authenticated with deploy token
merge_request:
author:
type: security
---
title: Fixes release asset link filepath ReDoS
merge_request:
author:
type: security
---
title: Ensure global ID is of Annotation type in GraphQL destroy mutation
merge_request:
author:
type: security
---
title: Validate that membership expiry dates are not in the past
merge_request:
author:
type: security
---
title: Rate limit adding new email and re-sending email confirmation
merge_request:
author:
type: security
---
title: Fix redaction of confidential Todos
merge_request:
author:
type: security
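Review bot: The entry files shown here do not line up one-to-one with the CHANGELOG section. There are 13 files against "Security (14 changes)", and no file is shown for "Update GitLab Runner Helm Chart to 0.19.4", so it is not clear from this commit where that line came from. The file titled "Security fix safe params helper" is also the only one without a `merge_request:` key, while the other twelve carry the key with an empty value. Please confirm the Helm chart line has a source entry and make the safe params file consistent with the others.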