Update CHANGELOG.md for 11.2.6

[ci skip]
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-10-26 07:37:07 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-10-26 07:37:07 +0000
commit: 160ed1d7a1d56135427dfa68980f9653e41bd907 (patch)
tree: 4417fd5646cc75913ac6b949e4a35c7cd991956b /CHANGELOG.md
parent: 74843bb28025ecf17b40ea1f77aa306ab084a5cb (diff)
download: gitlab-ce-160ed1d7a1d56135427dfa68980f9653e41bd907.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 09ed9b216aa..842b9f983c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -547,6 +547,17 @@ entry.
 - Creates Vue component for artifacts block on job page.
 
 
+## 11.2.6 (2018-10-26)
+
+### Security (5 changes)
+
+- Escape entity title while autocomplete template rendering to prevent XSS. !2558
+- Fix XSS in merge request source branch name.
+- Redact personal tokens in unsubscribe links.
+- Persist only SHA digest of PersonalAccessToken#token.
+- Prevent SSRF attacks in HipChat integration.
+
+
 ## 11.2.5 (2018-10-05)
 
 ### Security (3 changes)
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2018-10-26 07:37:07 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2018-10-26 07:37:07 +0000
commit	160ed1d7a1d56135427dfa68980f9653e41bd907 (patch)
tree	4417fd5646cc75913ac6b949e4a35c7cd991956b /CHANGELOG.md
parent	74843bb28025ecf17b40ea1f77aa306ab084a5cb (diff)
download	gitlab-ce-160ed1d7a1d56135427dfa68980f9653e41bd907.tar.gz