author GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-06-27 12:06:53 +0000
committer GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> 2019-06-27 12:06:53 +0000
commit bb771faec6ad7288d4596bf681fd5fc82368bd7f (patch)
tree 65b490d4ca6462cc8cf71173a3da007244136c83 /CHANGELOG.md
parent 871d06993edba9220c10ef2ca5c64f412ee5f984 (diff)
download gitlab-ce-bb771faec6ad7288d4596bf681fd5fc82368bd7f.tar.gz
Update CHANGELOG.md for 11.10.8
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- CHANGELOG.md 20
1 files changed, 20 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d4509e370d..4625685dc9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -555,6 +555,26 @@ entry.
- Add some frozen string to spec/**/*.rb. (gfyoung)
+## 11.10.8 (2019-06-27)
+
+### Security (10 changes)
+
+- Fix Denial of Service for comments when rendering issues/MR comments.
+- Gate MR head_pipeline behind read_pipeline ability.
+- Fix DoS vulnerability in color validation regex.
+- Expose merge requests count based on user access.
+- Persist tmp snippet uploads at users.
+- Add missing authorizations in GraphQL.
+- Disable Rails SQL query cache when applying service templates.
+- Prevent Billion Laughs attack.
+- Correctly check permissions when creating snippet notes.
+- Prevent the detection of merge request templates by unauthorized users.
+
+### Performance (1 change)
+
+- Add improvements to global search of issues and merge requests. !27817
+
+
## 11.10.6 (2019-06-04)
### Fixed (7 changes, 1 of them is from the community)
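Review bot: Two of the added Security entries, "Persist tmp snippet uploads at users." and "Prevent Billion Laughs attack.", do not name the feature or parser they apply to, so an administrator triaging the 11.10.8 upgrade cannot tell from the changelog which surface was exposed. Suggest wording them like the neighbouring entries, which name the object involved (for example "Fix DoS vulnerability in color validation regex."). In addition, none of the ten Security entries carries a reference, while the Performance entry ends in "!27817"; if the omission is deliberate for security fixes, that is fine, otherwise add the references. Minor style point: the section closes with two consecutive blank "+" lines before "## 11.10.6 (2019-06-04)", where one would be enough.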