author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-26 07:37:05 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-26 07:37:05 +0000 |
commit | 2d73c8ab39461f872f0f02b2ba45d688552053b5 (patch) | |
tree | 5e464104ab4022bd705b1a94429ec8d7a74b202e | |
parent | 7c2086e2c7c8b91de5fcc67f52aa9b680559ac07 (diff) | |
download | gitlab-ce-2d73c8ab39461f872f0f02b2ba45d688552053b5.tar.gz |
Update CHANGELOG.md for 11.2.6
[ci skip]
-rw-r--r-- | CHANGELOG.md | 11 | ||||
-rw-r--r-- | changelogs/unreleased/51527-xss-in-mr-source-branch.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/redact-links-dev.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/security-11-2-2717-fix-issue-title-xss.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/security-51113-hash_personal_access_tokens.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/sh-fix-hipchat-ssrf.yml | 5 |
6 files changed, 11 insertions, 25 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ad7b74b3b1..c200a786537 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.2.6 (2018-10-26)
+
+### Security (5 changes)
+
+- Escape entity title while autocomplete template rendering to prevent XSS. !2558
+- Fix XSS in merge request source branch name.
+- Redact personal tokens in unsubscribe links.
+- Persist only SHA digest of PersonalAccessToken#token.
+- Prevent SSRF attacks in HipChat integration.
+
+
 ## 11.2.5 (2018-10-05)
 
 ### Security (3 changes)
diff --git a/changelogs/unreleased/51527-xss-in-mr-source-branch.yml b/changelogs/unreleased/51527-xss-in-mr-source-branch.yml
deleted file mode 100644
index dae277b6413..00000000000
--- a/changelogs/unreleased/51527-xss-in-mr-source-branch.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix XSS in merge request source branch name
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/redact-links-dev.yml b/changelogs/unreleased/redact-links-dev.yml
deleted file mode 100644
index 338e7965465..00000000000
--- a/changelogs/unreleased/redact-links-dev.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Redact personal tokens in unsubscribe links.
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-11-2-2717-fix-issue-title-xss.yml b/changelogs/unreleased/security-11-2-2717-fix-issue-title-xss.yml
deleted file mode 100644
index 346f31956f4..00000000000
--- a/changelogs/unreleased/security-11-2-2717-fix-issue-title-xss.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Escape entity title while autocomplete template rendering to prevent XSS
-merge_request: 2558
-author:
-type: security
diff --git a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml b/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml
deleted file mode 100644
index 4cebe814148..00000000000
--- a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Persist only SHA digest of PersonalAccessToken#token
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/sh-fix-hipchat-ssrf.yml b/changelogs/unreleased/sh-fix-hipchat-ssrf.yml
deleted file mode 100644
index cdc95a34fcf..00000000000
--- a/changelogs/unreleased/sh-fix-hipchat-ssrf.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent SSRF attacks in HipChat integration
-merge_request:
-author:
-type: security |