From d22cb7d01fe43f61ad2bacd36b21c39daa46a0f7 Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulipchat.com>
Date: Wed, 1 Apr 2020 13:30:21 -0700
Subject: [PATCH] Release Zulip Server 2.1.3.

---
 docs/overview/changelog.md | 12 +++++++++---
 version.py                 |  4 ++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/docs/overview/changelog.md b/docs/overview/changelog.md
index 3e81d55199..42a146fcaa 100644
--- a/docs/overview/changelog.md
+++ b/docs/overview/changelog.md
@@ -7,13 +7,18 @@ All notable changes to the Zulip server are documented in this file.
 This section lists notable unreleased changes; it is generally updated
 in bursts.
 
-### 2.1.3 -- 2020-02-??
+### 2.1.3 -- 2020-04-01
 
-- Added red warning at top of page for users of ancient desktop app
-  version 2.3.82 with broken auto-update.
+- CVE-2020-9444: Prevent reverse tabnapping attacks.
+- CVE-2020-9445: Remove unused and insecure modal_link feature.
+- CVE-2020-10935: Fix XSS vulnerability in local link rewriting.
+- Blocked access from Zulip Desktop versions below 5.0.0.  This
+  behavior can be adjusted by editing `DESKTOP_*_VERSION`
+  in `/home/zulip/deployments/current/version.py`.
 - Restructured server initialization to simplify initialization of
   Docker containers (eliminating common classes of user error).
 - Removed buggy feedback bot (`ENABLE_FEEDBACK`).
+- Migrated GitHub authentication to use the current encoding.
 - Fixed support for restoring a backup on a different minor release
   (in the common case they have the same database schema).
 - Fixed restoring backups with memcached authentication enabled.
@@ -22,6 +27,7 @@ in bursts.
 - Fixed buggy loading spinner in "emoji format" widget.
 - Fixed sorting and filtering users in organization settings.
 - Fixed handling of links to deleted streams.
+- Fixed check-rabbitmq-consumers monitoring.
 - Fixed copy-to-clipboard button for outgoing webhook bots.
 - Fixed logging spam from soft_deactivation cron job.
 - Fixed email integration handling of emails with nested MIME structure.
diff --git a/version.py b/version.py
index 32d797ef66..872b4ce544 100644
--- a/version.py
+++ b/version.py
@@ -1,6 +1,6 @@
 import os
 
-ZULIP_VERSION = "2.1.2"
+ZULIP_VERSION = "2.1.3"
 # Add information on number of commits and commit hash to version, if available
 zulip_git_version_file = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'zulip-git-version')
 if os.path.exists(zulip_git_version_file):
@@ -10,7 +10,7 @@ if os.path.exists(zulip_git_version_file):
             ZULIP_VERSION = version
 
 LATEST_MAJOR_VERSION = "2.1"
-LATEST_RELEASE_VERSION = "2.1.2"
+LATEST_RELEASE_VERSION = "2.1.3"
 LATEST_RELEASE_ANNOUNCEMENT = "https://blog.zulip.org/2019/12/13/zulip-2-1-released/"
 
 # Versions of the desktop app below DESKTOP_MINIMUM_VERSION will be