Update CHANGELOG.md for 11.3.7

[ci skip]
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-10-26 07:30:15 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-10-26 07:30:15 +0000
commit: 74843bb28025ecf17b40ea1f77aa306ab084a5cb (patch)
tree: bcd8bb4d465b718dbd7e9a26c29f50f8ffc37f8e /CHANGELOG.md
parent: fee6989fa003395a6188f8ca452adab25d8ece6b (diff)
download: gitlab-ce-74843bb28025ecf17b40ea1f77aa306ab084a5cb.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0cc5e2c6ca2..09ed9b216aa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -246,6 +246,18 @@ entry.
 - Check frozen string in style builds. (gfyoung)
 
 
+## 11.3.7 (2018-10-26)
+
+### Security (6 changes)
+
+- Escape entity title while autocomplete template rendering to prevent XSS. !2557
+- Persist only SHA digest of PersonalAccessToken#token.
+- Fix XSS in merge request source branch name.
+- Redact personal tokens in unsubscribe links.
+- Prevent SSRF attacks in HipChat integration.
+- Validate Wiki attachments are valid temporary files.
+
+
 ## 11.3.6 (2018-10-17)
 
 - No changes.
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2018-10-26 07:30:15 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2018-10-26 07:30:15 +0000
commit	74843bb28025ecf17b40ea1f77aa306ab084a5cb (patch)
tree	bcd8bb4d465b718dbd7e9a26c29f50f8ffc37f8e /CHANGELOG.md
parent	fee6989fa003395a6188f8ca452adab25d8ece6b (diff)
download	gitlab-ce-74843bb28025ecf17b40ea1f77aa306ab084a5cb.tar.gz