author: Alessio Caiazza <acaiazza@gitlab.com> 2018-06-21 18:11:07 +0200
committer: Alessio Caiazza <acaiazza@gitlab.com> 2018-06-21 18:11:07 +0200
commit: 4605d27d341d7840cba3453f2b2f23fb992c44b3 (patch)
tree: 478118b7d44c84a2da88bfe9ac433c270f9502bd /CHANGELOG.md
parent: e96b196110518bc02363af4ab457a50c882f48c1 (diff)
Update CHANGELOG.md for 10.7.6
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- CHANGELOG.md 16
1 files changed, 16 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 09bac7a92aa..72725122b8f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -482,6 +482,22 @@ entry.
- Gitaly handles repository forks by default.
+## 10.7.6 (2018-06-21)
+
+### Security (6 changes)
+
+- Fix XSS vulnerability for table of content generation.
+- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
+- HTML escape branch name in project graphs page.
+- HTML escape the name of the user in ProjectsHelper#link_to_member.
+- Don't show events from internal projects for anonymous users in public feed.
+- XSS fix to use safe_params instead of params in url_for helpers.
+
+### Other (1 change)
+
+- Replacing gollum libraries for gitlab custom libs. !18343
+
+
## 10.7.5 (2018-05-28)
### Security (3 changes)
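Review bot: The six entries under "### Security (6 changes)" carry no merge request reference, while the single "Other" entry cites !18343, so a reader cannot trace any of the XSS or HTML-escaping fixes back to the change that made them. If the references are withheld on purpose because the fixes were developed privately, that is fine; otherwise add the MR number to each line. Two wording nits in the same block: "table of content generation" should read "table of contents generation", and "gitlab custom libs" should be capitalised as "GitLab". The hunk also ends with two added blank lines before "## 10.7.5 (2018-05-28)"; check that this matches the spacing between the other release headings in the file.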