From 88241108c4d9807e5c312b11c910b3072bc6f120 Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 30 May 2019 12:51:04 +0000 Subject: Update CHANGELOG.md for 11.9.12 [ci skip] --- CHANGELOG.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index 88521222b8a..c31af2488f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -478,6 +478,24 @@ entry. - Removes EE differences for environment_item.vue. +## 11.9.12 (2019-05-30) + +### Security (12 changes, 1 of them is from the community) + +- Protect Gitlab::HTTP against DNS rebinding attack. +- Fix project visibility level validation. (Peter Marko) +- Update Knative version. +- Add DNS rebinding protection settings. +- Prevent XSS injection in note imports. +- Prevent invalid branch for merge request. +- Filter relative links in wiki for XSS. +- Fix confidential issue label disclosure on milestone view. +- Fix url redaction for issue links. +- Resolve: Milestones leaked via search API. +- Prevent bypass of restriction disabling web password sign in. +- Hide confidential issue title on unsubscribe for anonymous users. + + ## 11.9.10 (2019-04-26) ### Security (5 changes) -- cgit v1.2.1
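Review bot: In the added 11.9.12 Security list, the entry "Resolve: Milestones leaked via search API." keeps what looks like a merge request title prefix and names the problem rather than the fix, while the other entries lead with the action taken ("Fix ...", "Prevent ...", "Hide ..."). Suggest rewording it to match, for example "Fix milestones leaked via search API." Two smaller style points in the same hunk: "Fix url redaction for issue links." should capitalise "URL", and the block ends with two added blank lines before "## 11.9.10 (2019-04-26)". The header count is consistent with the list: 12 entries, one of them attributed (Peter Marko).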