author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-25 02:45:49 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2018-10-25 02:45:49 +0000 |
commit | a1e4ecdd21325062eeffbc3859726465c8972c9a (patch) | |
tree | 35a20ec5b0b22a4ce7ad2adba1bb07fda26241f0 /CHANGELOG.md | |
parent | b04c737d4056d14fed885265b40e1001ffa20a1c (diff) | |
download | gitlab-ce-a1e4ecdd21325062eeffbc3859726465c8972c9a.tar.gz |
Update CHANGELOG.md for 11.4.2
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 3afb7baa04a..b3cee12e77e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.4.2 (2018-10-25) + +### Security (5 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2571 +- Persist only SHA digest of PersonalAccessToken#token. +- Redact personal tokens in unsubscribe links. +- Block loopback addresses in UrlBlocker. +- Validate Wiki attachments are valid temporary files. + + ## 11.4.1 (2018-10-23) ### Security (2 changes) |
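Review bot: In the added 11.4.2 "Security (5 changes)" list, only the first entry carries a merge request reference (!2571); the other four (PersonalAccessToken digest, unsubscribe links, UrlBlocker, Wiki attachments) have none, so a reader cannot trace them from the changelog to the change that fixed them. Suggest adding the corresponding reference to each of those entries. The first entry would also read more clearly as "Escape entity title during autocomplete template rendering to prevent XSS."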