| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-25 02:45:50 +0000 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-25 02:45:50 +0000 |
| commit | 34d84fd29fe346dbf95a0cf76de803b6e61c45c6 (patch) | |
| tree | 2524ce57b2f8c02d035e631824ba528cc411504f | |
| parent | cc571e18d37e7f92fab27663090abefc3fbad11c (diff) | |
| download | gitlab-ce-34d84fd29fe346dbf95a0cf76de803b6e61c45c6.tar.gz | |
Update CHANGELOG.md for 11.4.2
[ci skip]
| -rw-r--r-- | CHANGELOG.md | 11 |
| -rw-r--r-- | changelogs/unreleased/sh-block-other-localhost.yml | 5 |
2 files changed, 11 insertions, 5 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 825a3bdf517..0cc5e2c6ca2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.4.2 (2018-10-25) + +### Security (5 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2571 +- Persist only SHA digest of PersonalAccessToken#token. +- Redact personal tokens in unsubscribe links. +- Block loopback addresses in UrlBlocker. +- Validate Wiki attachments are valid temporary files. + + ## 11.4.1 (2018-10-23) ### Security (2 changes) diff --git a/changelogs/unreleased/sh-block-other-localhost.yml b/changelogs/unreleased/sh-block-other-localhost.yml deleted file mode 100644 index a6a41f0bd81..00000000000 --- a/changelogs/unreleased/sh-block-other-localhost.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Block loopback addresses in UrlBlocker -merge_request: -author: -type: security |
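Review bot: In the CHANGELOG.md hunk, only the first of the five Security entries carries a merge request reference (!2571); the four entries from "Persist only SHA digest of PersonalAccessToken#token." through "Validate Wiki attachments are valid temporary files." have none, so a reader of the 11.4.2 section cannot trace them to the changes that fixed them. Add the references once the corresponding merge requests can be disclosed. The hunk also adds two blank lines before "## 11.4.1 (2018-10-23)"; one is enough if the rest of the file separates releases with a single blank line.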
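Review bot: The deleted changelogs/unreleased/sh-block-other-localhost.yml has empty "merge_request:" and "author:" fields, which is why "Block loopback addresses in UrlBlocker." lands in CHANGELOG.md without a reference; fill in the merge request number in the unreleased file before the changelog is compiled. This commit adds five Security entries but removes only this one unreleased file (2 files changed), so check that source files for the other four entries are not still present under changelogs/unreleased/, where they would be compiled again into a later release.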
