Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee

9fb9cbf5 · GitLab Bot · 2bfe9c05 · 9fb9cbf5 · 9fb9cbf5 · 2bfe9c05
Commit 9fb9cbf5 authored Feb 11, 2021 by GitLab Bot
11 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 13.8.4 (2021-02-11)
+
+### Security (9 changes)
+
+- Cancel running and pending jobs when a project is deleted. !1220
+- Prevent Denial of Service Attack on gitlab-shell.
+- Prevent exposure of confidential issue titles in file browser.
+- Updates authorization for linting API.
+- Check user access on API merge request read actions.
+- Limit daily invitations to groups and projects.
+- Enforce the analytics enabled project setting for project-level analytics features.
+- Perform SSL verification for FortiTokenCloud Integration.
+- Prevent Server-side Request Forgery for Prometheus when secured by Google IAP.
+
+
 ## 13.8.3 (2021-02-05)

 ### Fixed (2 changes)

--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
-13.8.3
\ No newline at end of file
+13.8.4
\ No newline at end of file
--- a/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml
+++ b/changelogs/unreleased/security-cancel-pipelines-for-deleted-project.yml
---
-title: Cancel running and pending jobs when a project is deleted
-merge_request: 1220
-author:
-type: security
--- a/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml
+++ b/changelogs/unreleased/security-check-user-access-on-api-mr-read-actions-master.yml
---
-title: Check user access on API merge request read actions
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-confidential-titles.yml
+++ b/changelogs/unreleased/security-confidential-titles.yml
---
-title: Prevent exposure of confidential issue titles in file browser
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fix-unauthenticated-lint.yml
+++ b/changelogs/unreleased/security-fix-unauthenticated-lint.yml
---
-title: Updates authorization for linting API
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-limit-fscanl.yml
+++ b/changelogs/unreleased/security-limit-fscanl.yml
---
-title: Prevent Denial of Service Attack on gitlab-shell
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-limit-invitations.yml
+++ b/changelogs/unreleased/security-limit-invitations.yml
---
-title: Limit daily invitations to groups and projects
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml
+++ b/changelogs/unreleased/security-respect-analytics-enabled-rule-for-project-level-analytics-featu.yml
---
-title: Enforce the analytics enabled project setting for project-level analytics features
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-ssl-verification-ftc.yml
+++ b/changelogs/unreleased/security-ssl-verification-ftc.yml
---
-title: Perform SSL verification for FortiTokenCloud Integration
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-ssrf-prometheus-iap.yml
+++ b/changelogs/unreleased/security-ssrf-prometheus-iap.yml
---
-title: Prevent Server-side Request Forgery for Prometheus when secured by Google IAP
-merge_request:
-author:
-type: security