Update CHANGELOG.md for 11.4.2

[ci skip]
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-10-25 02:45:49 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-10-25 02:45:49 +0000
commit: a1e4ecdd21325062eeffbc3859726465c8972c9a (patch)
tree: 35a20ec5b0b22a4ce7ad2adba1bb07fda26241f0 /CHANGELOG.md
parent: b04c737d4056d14fed885265b40e1001ffa20a1c (diff)
download: gitlab-ce-a1e4ecdd21325062eeffbc3859726465c8972c9a.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3afb7baa04a..b3cee12e77e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.4.2 (2018-10-25)
+
+### Security (5 changes)
+
+- Escape entity title while autocomplete template rendering to prevent XSS. !2571
+- Persist only SHA digest of PersonalAccessToken#token.
+- Redact personal tokens in unsubscribe links.
+- Block loopback addresses in UrlBlocker.
+- Validate Wiki attachments are valid temporary files.
+
+
 ## 11.4.1 (2018-10-23)
 
 ### Security (2 changes)
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2018-10-25 02:45:49 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2018-10-25 02:45:49 +0000
commit	a1e4ecdd21325062eeffbc3859726465c8972c9a (patch)
tree	35a20ec5b0b22a4ce7ad2adba1bb07fda26241f0 /CHANGELOG.md
parent	b04c737d4056d14fed885265b40e1001ffa20a1c (diff)
download	gitlab-ce-a1e4ecdd21325062eeffbc3859726465c8972c9a.tar.gz