Update CHANGELOG.md for 11.11.1

[ci skip]
parent fc8699ef
...@@ -2,6 +2,24 @@ ...@@ -2,6 +2,24 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 11.11.1 (2019-05-30)
### Security (12 changes)
- Add DNS rebinding protection settings.
- Prevent XSS injection in note imports.
- Prevent invalid branch for merge request.
- Filter relative links in wiki for XSS.
- Fix confidential issue label disclosure on milestone view.
- Fix url redaction for issue links.
- Resolve: Milestones leaked via search API.
- Protect Gitlab::HTTP against DNS rebinding attack.
- Add extra fields for handling basic auth on import by url page.
- Prevent bypass of restriction disabling web password sign in.
- Update Gitaly to fix GetArchive vulnerability.
- Hide confidential issue title on unsubscribe for anonymous users.
## 11.11.0 (2019-05-22) ## 11.11.0 (2019-05-22)
### Security (1 change) ### Security (1 change)
......
---
title: Add DNS rebinding protection settings
merge_request:
author:
type: security
---
title: Prevent XSS injection in note imports
merge_request:
author:
type: security
---
title: Prevent invalid branch for merge request
merge_request:
author:
type: security
---
title: Filter relative links in wiki for XSS
merge_request:
author:
type: security
---
title: Fix confidential issue label disclosure on milestone view
merge_request:
author:
type: security
---
title: Fix url redaction for issue links
merge_request:
author:
type: security
---
title: 'Resolve: Milestones leaked via search API'
merge_request:
author:
type: security
---
title: Protect Gitlab::HTTP against DNS rebinding attack
merge_request:
author:
type: security
---
title: Add extra fields for handling basic auth on import by url page
merge_request:
author:
type: security
---
title: Prevent bypass of restriction disabling web password sign in
merge_request:
author:
type: security
---
title: Update Gitaly to fix GetArchive vulnerability
merge_request:
author:
type: security
---
title: Hide confidential issue title on unsubscribe for anonymous users
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment