Update CHANGELOG.md for 11.2.6

[ci skip]
parent 74843bb2
......@@ -547,6 +547,17 @@ entry.
- Creates Vue component for artifacts block on job page.
## 11.2.6 (2018-10-26)
### Security (5 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !2558
- Fix XSS in merge request source branch name.
- Redact personal tokens in unsubscribe links.
- Persist only SHA digest of PersonalAccessToken#token.
- Prevent SSRF attacks in HipChat integration.
## 11.2.5 (2018-10-05)
### Security (3 changes)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment