Manually add 10.2.4 changelog entries

0f811675 · Michael Kozono · f4fbe61a · 0f811675 · f4fbe61a · f4fbe61a
Commit 0f811675 authored Dec 08, 2017 by Michael Kozono
4 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
+## 10.2.4 (2017-12-08)
+### Security (4 changes)
+- Fix e-mail address disclosure through member search fields
+- Prevent creating issues through API when user does not have permissions
+- Prevent an information disclosure in the Groups API
+- Fix user without access to private Wiki being able to see it on the project page
+- Fix Cross-Site Scripting (XSS) vulnerability while editing a comment
 ## 10.2.3 (2017-11-30)
 ### Fixed (7 changes)

--- a/changelogs/unreleased/bvl-email-disclosure.yml
+++ b/changelogs/unreleased/bvl-email-disclosure.yml
---
-title: Don't match partial email adresses
-merge_request: 2227
-author:
-type: security
--- a/changelogs/unreleased/issue_30663.yml
+++ b/changelogs/unreleased/issue_30663.yml
---
-title: Prevent creating issues through API when user does not have permissions
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/rs-security-group-api.yml
+++ b/changelogs/unreleased/rs-security-group-api.yml
---
-title: Prevent an information disclosure in the Groups API
-merge_request:
-author:
-type: security