Update CHANGELOG.md for 10.3.4

[ci skip]
author: Oswaldo Ferreira <oswaldo@gitlab.com> 2018-01-10 20:27:33 -0200
committer: Oswaldo Ferreira <oswaldo@gitlab.com> 2018-01-10 20:27:33 -0200
commit: f284097ddd2d5001f8cbc5f5bb03e72293e559c5 (patch)
tree: 64f08e7e131371ebe439b6d6b4b89067a5d8f9fd /CHANGELOG.md
parent: be623ef3c1a867d23e9625fe372c17fcad3c47ce (diff)
download: gitlab-ce-f284097ddd2d5001f8cbc5f5bb03e72293e559c5.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 26580e7183f..9fac24c2447 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,19 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 10.3.4 (2018-01-10)
+
+### Security (7 changes, 1 of them is from the community)
+
+- Prevent a SQL injection in the MilestonesFinder.
+- Fix RCE via project import mechanism.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix writable shared deploy keys.
+
+
 ## 10.3.3 (2018-01-02)
 
 ### Fixed (3 changes)
author	Oswaldo Ferreira <oswaldo@gitlab.com>	2018-01-10 20:27:33 -0200
committer	Oswaldo Ferreira <oswaldo@gitlab.com>	2018-01-10 20:27:33 -0200
commit	f284097ddd2d5001f8cbc5f5bb03e72293e559c5 (patch)
tree	64f08e7e131371ebe439b6d6b4b89067a5d8f9fd /CHANGELOG.md
parent	be623ef3c1a867d23e9625fe372c17fcad3c47ce (diff)
download	gitlab-ce-f284097ddd2d5001f8cbc5f5bb03e72293e559c5.tar.gz