author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-07-29 14:48:20 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-07-29 14:48:20 +0000 |
commit | cc7b15fe935d41aab85918eb7ae7c0ef81f8bfb0 (patch) | |
tree | 23d9b604878bd271e502b20015f147d562a95001 /CHANGELOG.md | |
parent | a90b38641d43870a4bf36544ed1d966ae8d1fa13 (diff) | |
download | gitlab-ce-cc7b15fe935d41aab85918eb7ae7c0ef81f8bfb0.tar.gz |
Update CHANGELOG.md for 11.11.7
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index e2882bce1bd..d93cc182c62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -644,6 +644,21 @@ entry. - Moves snowplow to CE repo. +## 11.11.7 + +### Security (9 changes) + +- Restrict slash commands to users who can log in. +- Patch XSS issue in wiki links. +- Filter merge request params on the new merge request page. +- Fix Server Side Request Forgery mitigation bypass. +- Show badges if pipelines are public otherwise default to project permissions. +- Do not allow localhost url redirection in GitHub Integration. +- Do not show moved issue id for users that cannot read issue. +- Use source project as permissions reference for MergeRequestsController#pipelines. +- Drop feature to take ownership of trigger token. + + ## 11.11.4 (2019-06-26) ### Fixed (3 changes) |
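Review bot: the added heading "## 11.11.7" carries no release date, while the heading that follows it in the context lines, "## 11.11.4 (2019-06-26)", does. Suggest adding the date in the same parenthesised form, so that anyone using the changelog to decide whether a deployment already includes these nine security fixes can place the release in time. A smaller point on the entry "Show badges if pipelines are public otherwise default to project permissions.": a comma before "otherwise" would separate the two conditions and make the access rule easier to read.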