GitLab Release Tools Bot
parent
a4c6555151
commit
f2e450724c
24
CHANGELOG.md
24
CHANGELOG.md
|
|
@ -2,6 +2,30 @@
|
|||
documentation](doc/development/changelog.md) for instructions on adding your own
|
||||
entry.
|
||||
|
||||
## 13.1.2 (2020-07-01)
|
||||
|
||||
### Security (18 changes)
|
||||
|
||||
- Update xterm js dependency to latest stable 3.x version.
|
||||
- Do not show activity for users with private profiles.
|
||||
- Fix stored XSS in markdown renderer.
|
||||
- Upgrade swagger-ui to solve XSS issues.
|
||||
- Fix group deploy token API authorizations.
|
||||
- Check access when sending TODOs related to merge requests.
|
||||
- Change from hybrid to JSON cookies serializer.
|
||||
- Prevent XSS in group name validations.
|
||||
- Disable caching for wiki attachments.
|
||||
- Disable Github Importer API by settings.
|
||||
- Fix null byte error in upload path.
|
||||
- Update permissions for time tracking endpoints.
|
||||
- Add snippet repository validation after bundle import.
|
||||
- Update Kaminari gem.
|
||||
- Fix note author name rendering.
|
||||
- Sanitize bitbucket repo urls to mitigate XSS.
|
||||
- Stored XSS on the Error Tracking page.
|
||||
- Fix security issue when rendering issuable.
|
||||
|
||||
|
||||
## 13.1.1 (2020-06-23)
|
||||
|
||||
### Fixed (4 changes)
|
||||
|
|
|
|||
Loading…
Reference in New Issue