diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-07-29 14:48:18 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-07-29 14:48:18 +0000 |
commit | f4ec125201e4cc0c33b6960cf44a865ae8b1f34d (patch) | |
tree | 543ea0ac0f19aba40ca47ee433fd020e5cc66f37 /CHANGELOG.md | |
parent | 8f26d6b0e7e0741ffe117379f0a6dd583b12390d (diff) | |
download | gitlab-ce-f4ec125201e4cc0c33b6960cf44a865ae8b1f34d.tar.gz |
Update CHANGELOG.md for 11.11.7
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2545d3421a4..d7f4e80078d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,21 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.11.7 + +### Security (9 changes) + +- Restrict slash commands to users who can log in. +- Patch XSS issue in wiki links. +- Filter merge request params on the new merge request page. +- Fix Server Side Request Forgery mitigation bypass. +- Show badges if pipelines are public otherwise default to project permissions. +- Do not allow localhost url redirection in GitHub Integration. +- Do not show moved issue id for users that cannot read issue. +- Use source project as permissions reference for MergeRequestsController#pipelines. +- Drop feature to take ownership of trigger token. + + ## 11.11.6 - Unreleased due to QA failure. |