Update CHANGELOG.md for 10.2.6

[ci skip]
author: Oswaldo Ferreira <oswaldo@gitlab.com> 2018-01-11 12:27:52 -0200
committer: Oswaldo Ferreira <oswaldo@gitlab.com> 2018-01-11 12:27:52 -0200
commit: 16855c8b9fc07dfd6d0c1c3fbbeecee47cde25ff (patch)
tree: d021696f94ebf54979d4ba0b04bb2dad30bf0239 /CHANGELOG.md
parent: f284097ddd2d5001f8cbc5f5bb03e72293e559c5 (diff)
download: gitlab-ce-16855c8b9fc07dfd6d0c1c3fbbeecee47cde25ff.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9fac24c2447..e88ab5b6565 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -193,6 +193,21 @@ entry.
 - Clean up schema of the "merge_requests" table.
 
 
+## 10.2.6 (2018-01-11)
+
+### Security (9 changes, 1 of them is from the community)
+
+- Fix writable shared deploy keys.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Fix RCE via project import mechanism.
+- Fixed IPython notebook output not being sanitized.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Prevent a SQL injection in the MilestonesFinder.
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix XSS vulnerability in pipeline job trace.
+
+
 ## 10.2.5 (2017-12-15)
 
 ### Fixed (8 changes)
author	Oswaldo Ferreira <oswaldo@gitlab.com>	2018-01-11 12:27:52 -0200
committer	Oswaldo Ferreira <oswaldo@gitlab.com>	2018-01-11 12:27:52 -0200
commit	16855c8b9fc07dfd6d0c1c3fbbeecee47cde25ff (patch)
tree	d021696f94ebf54979d4ba0b04bb2dad30bf0239 /CHANGELOG.md
parent	f284097ddd2d5001f8cbc5f5bb03e72293e559c5 (diff)
download	gitlab-ce-16855c8b9fc07dfd6d0c1c3fbbeecee47cde25ff.tar.gz