Commit f508fb8a authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/security/gitlab@13-6-stable-ee

parent 449338db
......@@ -2,6 +2,22 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 13.6.2 (2020-12-07)
### Security (10 changes)
- Validate zoom links to start with https only. !1055
- Require at least 3 characters when searching for project in the Explore page.
- Do not show emails of users in confirmation page.
- Forbid setting a gitlabUserList strategy to a list from another project.
- Fix mermaid resource consumption in GFM fields.
- Ensure group and project memberships are not leaked via API for users with private profiles.
- GraphQL User: do not expose email if set to private.
- Filter search parameter to prevent data leaks.
- Do not expose starred projects of users with private profile via API.
- Do not show starred & contributed projects of users with private profile.
## 13.6.1 (2020-11-23)
### Fixed (5 changes)
......
13.6.1
\ No newline at end of file
13.6.2
\ No newline at end of file
---
title: 'GraphQL User: do not expose email if set to private'
merge_request:
author:
type: security
---
title: Ensure group and project memberships are not leaked via API for users with private profiles
merge_request:
author:
type: security
---
title: Do not show emails of users in confirmation page
merge_request:
author:
type: security
---
title: Forbid setting a gitlabUserList strategy to a list from another project
merge_request:
author:
type: security
---
title: Fix mermaid resource consumption in GFM fields
merge_request:
author:
type: security
---
title: Require at least 3 characters when searching for project in the Explore page
merge_request:
author:
type: security
---
title: Validate zoom links to start with https only
merge_request: 1055
author:
type: security
---
title: Filter search parameter to prevent data leaks
merge_request:
author:
type: security
---
title: Do not expose starred projects of users with private profile via API
merge_request:
author:
type: security
---
title: Do not show starred & contributed projects of users with private profile
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment