Yorick Peterse
parent
dd648433bc
commit
689df094d1
24
CHANGELOG.md
24
CHANGELOG.md
|
|
@ -40,6 +40,30 @@ entry.
|
|||
- Periodically recompute project authorizations. !34071
|
||||
|
||||
|
||||
## 13.0.8 (2020-07-01)
|
||||
|
||||
### Security (18 changes)
|
||||
|
||||
- Update xterm js dependency to latest stable 3.x version.
|
||||
- Do not show activity for users with private profiles.
|
||||
- Fix stored XSS in markdown renderer.
|
||||
- Upgrade swagger-ui to solve XSS issues.
|
||||
- Fix group deploy token API authorizations.
|
||||
- Check access when sending TODOs related to merge requests.
|
||||
- Change from hybrid to JSON cookies serializer.
|
||||
- Prevent XSS in group name validations.
|
||||
- Disable caching for wiki attachments.
|
||||
- Disable Github Importer API by settings.
|
||||
- Fix null byte error in upload path.
|
||||
- Update permissions for time tracking endpoints.
|
||||
- Add snippet repository validation after bundle import.
|
||||
- Update Kaminari gem.
|
||||
- Fix note author name rendering.
|
||||
- Sanitize bitbucket repo urls to mitigate XSS.
|
||||
- Stored XSS on the Error Tracking page.
|
||||
- Fix security issue when rendering issuable.
|
||||
|
||||
|
||||
## 13.0.7 (2020-06-25)
|
||||
|
||||
### Fixed (7 changes)
|
||||
|
|
|
|||
Loading…
Reference in New Issue