Update CHANGELOG.md for 11.11.7

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-07-29 14:48:20 +0000
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-07-29 14:48:20 +0000
commit: cc7b15fe935d41aab85918eb7ae7c0ef81f8bfb0 (patch)
tree: 23d9b604878bd271e502b20015f147d562a95001 /CHANGELOG.md
parent: a90b38641d43870a4bf36544ed1d966ae8d1fa13 (diff)
download: gitlab-ce-cc7b15fe935d41aab85918eb7ae7c0ef81f8bfb0.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e2882bce1bd..d93cc182c62 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -644,6 +644,21 @@ entry.
 - Moves snowplow to CE repo.
 
 
+## 11.11.7
+
+### Security (9 changes)
+
+- Restrict slash commands to users who can log in.
+- Patch XSS issue in wiki links.
+- Filter merge request params on the new merge request page.
+- Fix Server Side Request Forgery mitigation bypass.
+- Show badges if pipelines are public otherwise default to project permissions.
+- Do not allow localhost url redirection in GitHub Integration.
+- Do not show moved issue id for users that cannot read issue.
+- Use source project as permissions reference for MergeRequestsController#pipelines.
+- Drop feature to take ownership of trigger token.
+
+
 ## 11.11.4 (2019-06-26)
 
 ### Fixed (3 changes)
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-07-29 14:48:20 +0000
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-07-29 14:48:20 +0000
commit	cc7b15fe935d41aab85918eb7ae7c0ef81f8bfb0 (patch)
tree	23d9b604878bd271e502b20015f147d562a95001 /CHANGELOG.md
parent	a90b38641d43870a4bf36544ed1d966ae8d1fa13 (diff)
download	gitlab-ce-cc7b15fe935d41aab85918eb7ae7c0ef81f8bfb0.tar.gz