summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2019-07-25 08:22:53 +0000
committerGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>2019-07-25 08:22:53 +0000
commit9afc6928d2c898dea6fbb4845e037e9ecd57ad24 (patch)
tree3d455f05b38d4b6d4858c751717051524ec190b5
parent5bdb9976d79e1a578b92cf3dfce2badac0c63955 (diff)
downloadgitlab-ce-9afc6928d2c898dea6fbb4845e037e9ecd57ad24.tar.gz
Update CHANGELOG.md for 11.11.6
[ci skip]
Diffstat
-rw-r--r--CHANGELOG.md15
-rw-r--r--changelogs/unreleased/security-2873-blocked-user-slash-command-bypass-master.yml5
-rw-r--r--changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml5
-rw-r--r--changelogs/unreleased/security-bvl-filter-mr-params.yml5
-rw-r--r--changelogs/unreleased/security-dns-ssrf-bypass.yml5
-rw-r--r--changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml5
-rw-r--r--changelogs/unreleased/security-github-ssrf-redirect.yml5
-rw-r--r--changelogs/unreleased/security-hide_moved_issue_id.yml5
-rw-r--r--changelogs/unreleased/security-mr-pipeline-permissions.yml5
-rw-r--r--changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml5
10 files changed, 15 insertions, 45 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 89e05a9de80..ce794c18d78 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 11.11.6
+
+### Security (9 changes)
+
+- Restrict slash commands to users who can log in.
+- Patch XSS issue in wiki links.
+- Filter merge request params on the new merge request page.
+- Fix Server Side Request Forgery mitigation bypass.
+- Show badges if pipelines are public otherwise default to project permissions.
+- Do not allow localhost url redirection in GitHub Integration.
+- Do not show moved issue id for users that cannot read issue.
+- Use source project as permissions reference for MergeRequestsController#pipelines.
+- Drop feature to take ownership of trigger token.
+
+
## 11.11.5 (2019-06-27)
- No changes.
diff --git a/changelogs/unreleased/security-2873-blocked-user-slash-command-bypass-master.yml b/changelogs/unreleased/security-2873-blocked-user-slash-command-bypass-master.yml
deleted file mode 100644
index cd31fe0f35c..00000000000
--- a/changelogs/unreleased/security-2873-blocked-user-slash-command-bypass-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Restrict slash commands to users who can log in
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml b/changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml
deleted file mode 100644
index a8a26d5fc56..00000000000
--- a/changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Patch XSS issue in wiki links
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-bvl-filter-mr-params.yml b/changelogs/unreleased/security-bvl-filter-mr-params.yml
deleted file mode 100644
index 4433ec73b7c..00000000000
--- a/changelogs/unreleased/security-bvl-filter-mr-params.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Filter merge request params on the new merge request page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-dns-ssrf-bypass.yml b/changelogs/unreleased/security-dns-ssrf-bypass.yml
deleted file mode 100644
index e48696ce5bd..00000000000
--- a/changelogs/unreleased/security-dns-ssrf-bypass.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Server Side Request Forgery mitigation bypass
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml b/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml
deleted file mode 100644
index 9526f3c559f..00000000000
--- a/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Show badges if pipelines are public otherwise default to project permissions.
-erge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-github-ssrf-redirect.yml b/changelogs/unreleased/security-github-ssrf-redirect.yml
deleted file mode 100644
index 36a36de3eb0..00000000000
--- a/changelogs/unreleased/security-github-ssrf-redirect.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not allow localhost url redirection in GitHub Integration
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-hide_moved_issue_id.yml b/changelogs/unreleased/security-hide_moved_issue_id.yml
deleted file mode 100644
index 24353d797c9..00000000000
--- a/changelogs/unreleased/security-hide_moved_issue_id.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not show moved issue id for users that cannot read issue
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mr-pipeline-permissions.yml b/changelogs/unreleased/security-mr-pipeline-permissions.yml
deleted file mode 100644
index a317c93228c..00000000000
--- a/changelogs/unreleased/security-mr-pipeline-permissions.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Use source project as permissions reference for MergeRequestsController#pipelines
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml b/changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml
deleted file mode 100644
index 201f66e1f18..00000000000
--- a/changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Drop feature to take ownership of trigger token.
-merge_request:
-author:
-type: security
View Lorry Controller Status