Update CHANGELOG.md for 11.11.1

[ci skip]

CHANGELOG.md

@@ -2,6 +2,24 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.11.1 (2019-05-30)
+
+### Security (12 changes)
+
+- Add DNS rebinding protection settings.
+- Prevent XSS injection in note imports.
+- Prevent invalid branch for merge request.
+- Filter relative links in wiki for XSS.
+- Fix confidential issue label disclosure on milestone view.
+- Fix url redaction for issue links.
+- Resolve: Milestones leaked via search API.
+- Protect Gitlab::HTTP against DNS rebinding attack.
+- Add extra fields for handling basic auth on import by url page.
+- Prevent bypass of restriction disabling web password sign in.
+- Update Gitaly to fix GetArchive vulnerability.
+- Hide confidential issue title on unsubscribe for anonymous users.
+
+
 ## 11.11.0 (2019-05-22)
 
 ### Security (1 change)

changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml

----
-title: Add DNS rebinding protection settings
-merge_request:
-author:
-type: security

changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml

----
-title: Prevent XSS injection in note imports
-merge_request:
-author:
-type: security

changelogs/unreleased/security-60039.yml

----
-title: Prevent invalid branch for merge request
-merge_request:
-author:
-type: security

changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml

----
-title: Filter relative links in wiki for XSS
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml

----
-title: Fix confidential issue label disclosure on milestone view
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix-project-existence-disclosure-master.yml

----
-title: Fix url redaction for issue links
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fix_milestones_search_api_leak.yml

----
-title: 'Resolve: Milestones leaked via search API'
-merge_request:
-author:
-type: security

changelogs/unreleased/security-http-hostname-override-11-11.yml

----
-title: Protect Gitlab::HTTP against DNS rebinding attack
-merge_request:
-author:
-type: security

changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml

----
-title: Add extra fields for handling basic auth on import by url page
-merge_request:
-author:
-type: security

changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml

----
-title: Prevent bypass of restriction disabling web password sign in
-merge_request:
-author:
-type: security

changelogs/unreleased/security-pb-fix-get-archive.yml

----
-title: Update Gitaly to fix GetArchive vulnerability
-merge_request:
-author:
-type: security

changelogs/unreleased/security-unsubscribing-from-issue.yml

----
-title: Hide confidential issue title on unsubscribe for anonymous users
-merge_request:
-author:
-type: security