Added missing changelog entries for 13.0.8

b05279cb · Yorick Peterse · 7869182a · b05279cb · b05279cb
Commit b05279cb authored Jul 01, 2020 by Yorick Peterse
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 0 deletions

CHANGELOG-EE.md CHANGELOG-EE.md +8 -0

CHANGELOG.md CHANGELOG.md +24 -0

No files found.
--- a/CHANGELOG-EE.md
+++ b/CHANGELOG-EE.md
@@ -12,6 +12,14 @@ Please view this file on the master branch, on stable branches it's out of date.

 - No changes.

+## 13.0.8 (2020-07-01)
+
+### Security (2 changes)
+
+- Fixed pypi package API XSS.
+- Fix project authorizations for instance security dashboard.
+
+
 ## 13.0.7 (2020-06-25)

 - No changes.

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,30 @@ entry.
 - Periodically recompute project authorizations. !34071


+## 13.0.8 (2020-07-01)
+
+### Security (18 changes)
+
+- Update xterm js dependency to latest stable 3.x version.
+- Do not show activity for users with private profiles.
+- Fix stored XSS in markdown renderer.
+- Upgrade swagger-ui to solve XSS issues.
+- Fix group deploy token API authorizations.
+- Check access when sending TODOs related to merge requests.
+- Change from hybrid to JSON cookies serializer.
+- Prevent XSS in group name validations.
+- Disable caching for wiki attachments.
+- Disable Github Importer API by settings.
+- Fix null byte error in upload path.
+- Update permissions for time tracking endpoints.
+- Add snippet repository validation after bundle import.
+- Update Kaminari gem.
+- Fix note author name rendering.
+- Sanitize bitbucket repo urls to mitigate XSS.
+- Stored XSS on the Error Tracking page.
+- Fix security issue when rendering issuable.
+
+
 ## 13.0.7 (2020-06-25)

 ### Fixed (7 changes)