Update CHANGELOG.md for 11.9.12

[ci skip]
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-05-30 12:51:04 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-05-30 12:51:04 +0000
commit: 88241108c4d9807e5c312b11c910b3072bc6f120 (patch)
tree: 91b3eb45621ed040db67305f472a4d87a8bb6d7e
parent: 35dfe85f2d85504d5ca3a5426480bbd18c8ec93b (diff)
download: gitlab-ce-88241108c4d9807e5c312b11c910b3072bc6f120.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 88521222b8a..c31af2488f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -478,6 +478,24 @@ entry.
 - Removes EE differences for environment_item.vue.
 
 
+## 11.9.12 (2019-05-30)
+
+### Security (12 changes, 1 of them is from the community)
+
+- Protect Gitlab::HTTP against DNS rebinding attack.
+- Fix project visibility level validation. (Peter Marko)
+- Update Knative version.
+- Add DNS rebinding protection settings.
+- Prevent XSS injection in note imports.
+- Prevent invalid branch for merge request.
+- Filter relative links in wiki for XSS.
+- Fix confidential issue label disclosure on milestone view.
+- Fix url redaction for issue links.
+- Resolve: Milestones leaked via search API.
+- Prevent bypass of restriction disabling web password sign in.
+- Hide confidential issue title on unsubscribe for anonymous users.
+
+
 ## 11.9.10 (2019-04-26)
 
 ### Security (5 changes)
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-05-30 12:51:04 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-05-30 12:51:04 +0000
commit	88241108c4d9807e5c312b11c910b3072bc6f120 (patch)
tree	91b3eb45621ed040db67305f472a4d87a8bb6d7e
parent	35dfe85f2d85504d5ca3a5426480bbd18c8ec93b (diff)
download	gitlab-ce-88241108c4d9807e5c312b11c910b3072bc6f120.tar.gz