Update CHANGELOG.md for 11.11.7

[ci skip]
author: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-07-29 14:48:18 +0000
committer: GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-07-29 14:48:18 +0000
commit: f4ec125201e4cc0c33b6960cf44a865ae8b1f34d (patch)
tree: 543ea0ac0f19aba40ca47ee433fd020e5cc66f37 /CHANGELOG.md
parent: 8f26d6b0e7e0741ffe117379f0a6dd583b12390d (diff)
download: gitlab-ce-f4ec125201e4cc0c33b6960cf44a865ae8b1f34d.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2545d3421a4..d7f4e80078d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.11.7
+
+### Security (9 changes)
+
+- Restrict slash commands to users who can log in.
+- Patch XSS issue in wiki links.
+- Filter merge request params on the new merge request page.
+- Fix Server Side Request Forgery mitigation bypass.
+- Show badges if pipelines are public otherwise default to project permissions.
+- Do not allow localhost url redirection in GitHub Integration.
+- Do not show moved issue id for users that cannot read issue.
+- Use source project as permissions reference for MergeRequestsController#pipelines.
+- Drop feature to take ownership of trigger token.
+
+
 ## 11.11.6
 
 - Unreleased due to QA failure.
author	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-07-29 14:48:18 +0000
committer	GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>	2019-07-29 14:48:18 +0000
commit	f4ec125201e4cc0c33b6960cf44a865ae8b1f34d (patch)
tree	543ea0ac0f19aba40ca47ee433fd020e5cc66f37 /CHANGELOG.md
parent	8f26d6b0e7e0741ffe117379f0a6dd583b12390d (diff)
download	gitlab-ce-f4ec125201e4cc0c33b6960cf44a865ae8b1f34d.tar.gz