diff --git a/CHANGELOG-EE.md b/CHANGELOG-EE.md
index 04510b2d3a7b38b819f49f3a5e24c2af959a135b..3648a067e714c0885e3a71a7a8b9106f982e9601 100644
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
@@ -374,6 +374,14 @@ Please view this file on the master branch, on stable branches it's out of date.
 - Translate unauthenticated user string for Audit Event. !31856 (Sashi Kumar)
 
 
+## 12.10.13 (2020-07-01)
+
+### Security (2 changes)
+
+- Fixed pypi package API XSS.
+- Fix project authorizations for instance security dashboard.
+
+
 ## 12.10.12 (2020-06-24)
 
 - No changes.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1f3039d9b253faf3e59866b3f983e5d9a9815bf..b1f2e02a6734b2d3e30005e0324f2465a3c532bc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -694,6 +694,27 @@ entry.
 - Use visitUrl in Alert management. !32414
 
 
+## 12.10.13 (2020-07-01)
+
+### Security (15 changes)
+
+- Do not show activity for users with private profiles.
+- Fix stored XSS in markdown renderer.
+- Upgrade swagger-ui to solve XSS issues.
+- Fix group deploy token API authorizations.
+- Check access when sending TODOs related to merge requests.
+- Change from hybrid to JSON cookies serializer.
+- Prevent XSS in group name validations.
+- Disable caching for wiki attachments.
+- Fix null byte error in upload path.
+- Update permissions for time tracking endpoints.
+- Update Kaminari gem.
+- Fix note author name rendering.
+- Sanitize bitbucket repo urls to mitigate XSS.
+- Stored XSS on the Error Tracking page.
+- Fix security issue when rendering issuable.
+
+
 ## 12.10.12 (2020-06-24)
 
 ### Fixed (1 change)