Commit 189a15a9 authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/security/gitlab@13-9-stable-ee

parent 38a81ea6
...@@ -2,6 +2,18 @@ ...@@ -2,6 +2,18 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 13.9.2 (2021-03-04)
### Security (6 changes)
- Bump thrift gem to 0.14.0.
- Allow only owners to manage group variables.
- Do not store marshalled sessions ids in Redis.
- Fix XSS in wiki author email and name.
- Workhorse: prevent escaped router path traversal.
- Fix XSS vulnerability for swagger file viewer.
## 13.9.1 (2021-02-23) ## 13.9.1 (2021-02-23)
### Fixed (6 changes, 1 of them is from the community) ### Fixed (6 changes, 1 of them is from the community)
......
13.9.1 13.9.2
\ No newline at end of file \ No newline at end of file
---
title: Bump thrift gem to 0.14.0
merge_request:
author:
type: security
---
title: Allow only owners to manage group variables
merge_request:
author:
type: security
---
title: Do not store marshalled sessions ids in Redis
merge_request:
author:
type: security
---
title: Fix XSS in wiki author email and name
merge_request:
author:
type: security
---
title: 'Workhorse: prevent escaped router path traversal'
merge_request:
author:
type: security
---
title: Fix XSS vulnerability for swagger file viewer
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment