author GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-10-25 02:45:49 +0000
committer GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-10-25 02:45:49 +0000
commit a1e4ecdd21325062eeffbc3859726465c8972c9a
tree 35a20ec5b0b22a4ce7ad2adba1bb07fda26241f0
parent b04c737d4056d14fed885265b40e1001ffa20a1c
download gitlab-ce-a1e4ecdd21325062eeffbc3859726465c8972c9a.tar.gz
Update CHANGELOG.md for 11.4.2
[ci skip]
-rw-r--r-- CHANGELOG.md 11
-rw-r--r-- changelogs/unreleased/redact-links-dev.yml 5
-rw-r--r-- changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml 5
-rw-r--r-- changelogs/unreleased/security-51113-hash_personal_access_tokens.yml 5
-rw-r--r-- changelogs/unreleased/sh-block-other-localhost.yml 5
-rw-r--r-- changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml 5
6 files changed, 11 insertions, 25 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3afb7baa04a..b3cee12e77e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 11.4.2 (2018-10-25)
+
+### Security (5 changes)
+
+- Escape entity title while autocomplete template rendering to prevent XSS. !2571
+- Persist only SHA digest of PersonalAccessToken#token.
+- Redact personal tokens in unsubscribe links.
+- Block loopback addresses in UrlBlocker.
+- Validate Wiki attachments are valid temporary files.
+
+
## 11.4.1 (2018-10-23)
### Security (2 changes)
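Review bot: four of the five entries added under "### Security (5 changes)" carry no merge request reference; only the XSS entry ends with `!2571`. Someone auditing an upgrade to 11.4.2 cannot trace the token hashing, link redaction, UrlBlocker or Wiki attachment fixes back to a change from this file alone. Suggest filling in the references for those four entries once the corresponding merge requests can be linked publicly.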
diff --git a/changelogs/unreleased/redact-links-dev.yml b/changelogs/unreleased/redact-links-dev.yml
deleted file mode 100644
index 338e7965465..00000000000
--- a/changelogs/unreleased/redact-links-dev.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Redact personal tokens in unsubscribe links.
-merge_request:
-author:
-type: security
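Review bot: the `title:` in this entry ends with a period while the titles in the other four deleted entries do not, yet every line in the new CHANGELOG.md section ends with one. The entries evidently get normalized on the way into the changelog, so the source files are inconsistent with each other; suggest settling on one convention for `title:` values in `changelogs/unreleased/`.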
diff --git a/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml b/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml
deleted file mode 100644
index 12dfa48c6aa..00000000000
--- a/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Escape entity title while autocomplete template rendering to prevent XSS
-merge_request: 2571
-author:
-type: security
diff --git a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml b/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml
deleted file mode 100644
index 4cebe814148..00000000000
--- a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Persist only SHA digest of PersonalAccessToken#token
-merge_request:
-author:
-type: security
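Review bot: the title "Persist only SHA digest of PersonalAccessToken#token" does not name the SHA variant, and `merge_request:` is empty, so the changelog gives no way to find out which digest is stored or how tokens persisted before this release are handled. Suggest naming the algorithm in the title and adding the merge request number so administrators can assess the impact on existing tokens.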
diff --git a/changelogs/unreleased/sh-block-other-localhost.yml b/changelogs/unreleased/sh-block-other-localhost.yml
deleted file mode 100644
index a6a41f0bd81..00000000000
--- a/changelogs/unreleased/sh-block-other-localhost.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Block loopback addresses in UrlBlocker
-merge_request:
-author:
-type: security
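Review bot: "Block loopback addresses in UrlBlocker" leaves the scope of the block unstated, and with `merge_request:` empty there is nothing to follow for the detail. The file name `sh-block-other-localhost.yml` suggests this extends an earlier localhost check to further forms; suggest the title say which address forms are now rejected (for example, whether the whole loopback range and IPv6 loopback are covered) so operators relying on UrlBlocker know what the fix does and does not cover.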
diff --git a/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml b/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml
deleted file mode 100644
index ac6ab7cc3f4..00000000000
--- a/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Validate Wiki attachments are valid temporary files
-merge_request:
-author:
-type: security