Update CHANGELOG.md for 11.9.12

[ci skip]
parent c8f8098d
......@@ -2,6 +2,24 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 11.9.12 (2019-05-30)
### Security (12 changes, 1 of them is from the community)
- Protect Gitlab::HTTP against DNS rebinding attack.
- Fix project visibility level validation. (Peter Marko)
- Update Knative version.
- Add DNS rebinding protection settings.
- Prevent XSS injection in note imports.
- Prevent invalid branch for merge request.
- Filter relative links in wiki for XSS.
- Fix confidential issue label disclosure on milestone view.
- Fix url redaction for issue links.
- Resolve: Milestones leaked via search API.
- Prevent bypass of restriction disabling web password sign in.
- Hide confidential issue title on unsubscribe for anonymous users.
## 11.9.11 (2019-04-30)
### Security (1 change)
......
---
title: Protect Gitlab::HTTP against DNS rebinding attack
merge_request:
author:
type: security
---
title: Fix project visibility level validation
merge_request:
author: Peter Marko
type: security
---
title: Update Knative version
merge_request:
author:
type: security
---
title: Add DNS rebinding protection settings
merge_request:
author:
type: security
---
title: Prevent XSS injection in note imports
merge_request:
author:
type: security
---
title: Prevent invalid branch for merge request
merge_request:
author:
type: security
---
title: Filter relative links in wiki for XSS
merge_request:
author:
type: security
---
title: Fix confidential issue label disclosure on milestone view
merge_request:
author:
type: security
---
title: Fix url redaction for issue links
merge_request:
author:
type: security
---
title: 'Resolve: Milestones leaked via search API'
merge_request:
author:
type: security
---
title: Prevent bypass of restriction disabling web password sign in
merge_request:
author:
type: security
---
title: Hide confidential issue title on unsubscribe for anonymous users
merge_request:
author:
type: security
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment