author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-25 02:43:26 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-25 02:43:26 +0000 |
commit | 3ae4f9d1128947045e71e1c33e566fa8d740e00b (patch) | |
tree | 57c1cc08e657e1d8565d45af4bc8d63c0f524983 | |
parent | c310c814be34fb1f75f7159562336ecc628f6030 (diff) | |
download | gitlab-ce-3ae4f9d1128947045e71e1c33e566fa8d740e00b.tar.gz |
Update CHANGELOG.md for 11.4.2
[ci skip]
6 files changed, 11 insertions, 25 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 44181ea1cf1..443d196d94e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry.
+## 11.4.2 (2018-10-25)
+
+### Security (5 changes)
+
+- Escape entity title while autocomplete template rendering to prevent XSS. !2571
+- Persist only SHA digest of PersonalAccessToken#token.
+- Redact personal tokens in unsubscribe links.
+- Block loopback addresses in UrlBlocker.
+- Validate Wiki attachments are valid temporary files.
+
+
 ## 11.4.1 (2018-10-23) ### Security (2 changes)
diff --git a/changelogs/unreleased/redact-links-dev.yml b/changelogs/unreleased/redact-links-dev.yml
deleted file mode 100644
index 338e7965465..00000000000
--- a/changelogs/unreleased/redact-links-dev.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Redact personal tokens in unsubscribe links.
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml b/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml
deleted file mode 100644
index 12dfa48c6aa..00000000000
--- a/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Escape entity title while autocomplete template rendering to prevent XSS
-merge_request: 2571
-author:
-type: security
diff --git a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml b/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml
deleted file mode 100644
index 4cebe814148..00000000000
--- a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Persist only SHA digest of PersonalAccessToken#token
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/sh-block-other-localhost.yml b/changelogs/unreleased/sh-block-other-localhost.yml
deleted file mode 100644
index a6a41f0bd81..00000000000
--- a/changelogs/unreleased/sh-block-other-localhost.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Block loopback addresses in UrlBlocker
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml b/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml
deleted file mode 100644
index ac6ab7cc3f4..00000000000
--- a/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Validate Wiki attachments are valid temporary files
-merge_request:
-author:
-type: security |