summaryrefslogtreecommitdiff
path: root/CHANGELOG.md
diff options
context:
space:
mode:
authorGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-05-30 12:51:04 +0000
committerGitLab Release Tools Bot <robert+release-tools@gitlab.com>2019-05-30 12:51:04 +0000
commit88241108c4d9807e5c312b11c910b3072bc6f120 (patch)
tree91b3eb45621ed040db67305f472a4d87a8bb6d7e /CHANGELOG.md
parent35dfe85f2d85504d5ca3a5426480bbd18c8ec93b (diff)
downloadgitlab-ce-88241108c4d9807e5c312b11c910b3072bc6f120.tar.gz
Update CHANGELOG.md for 11.9.12
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r--CHANGELOG.md18
1 files changed, 18 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 88521222b8a..c31af2488f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -478,6 +478,24 @@ entry.
- Removes EE differences for environment_item.vue.
+## 11.9.12 (2019-05-30)
+
+### Security (12 changes, 1 of them is from the community)
+
+- Protect Gitlab::HTTP against DNS rebinding attack.
+- Fix project visibility level validation. (Peter Marko)
+- Update Knative version.
+- Add DNS rebinding protection settings.
+- Prevent XSS injection in note imports.
+- Prevent invalid branch for merge request.
+- Filter relative links in wiki for XSS.
+- Fix confidential issue label disclosure on milestone view.
+- Fix url redaction for issue links.
+- Resolve: Milestones leaked via search API.
+- Prevent bypass of restriction disabling web password sign in.
+- Hide confidential issue title on unsubscribe for anonymous users.
+
+
## 11.9.10 (2019-04-26)
### Security (5 changes)