gitlab.com/gitlab-org/gitlab-foss.git
author GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-05-30 15:51:02 +0300
committer GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-05-30 15:51:02 +0300
commit 3c8b8ce843d97d6c1e61da3f6fd58aefe9f77cec
tree c7afcfe633266a9418ba0fd8066944b95ca564de
parent c8f8098daaeccb6c11c32ddb080826a671e3b665
Update CHANGELOG.md for 11.9.12
[ci skip]
-rw-r--r-- CHANGELOG.md 18
-rw-r--r-- changelogs/unreleased/dm-http-hostname-override.yml 5
-rw-r--r-- changelogs/unreleased/fix-project-visibility-level-validation.yml 5
-rw-r--r-- changelogs/unreleased/knative-0-5.yml 5
-rw-r--r-- changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml 5
-rw-r--r-- changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml 5
-rw-r--r-- changelogs/unreleased/security-60039.yml 5
-rw-r--r-- changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml 5
-rw-r--r-- changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml 5
-rw-r--r-- changelogs/unreleased/security-fix-project-existence-disclosure-master.yml 5
-rw-r--r-- changelogs/unreleased/security-fix_milestones_search_api_leak.yml 5
-rw-r--r-- changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml 5
-rw-r--r-- changelogs/unreleased/security-unsubscribing-from-issue.yml 5
13 files changed, 18 insertions, 60 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 30b649937d0..74393c6b1e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 11.9.12 (2019-05-30)
+
+### Security (12 changes, 1 of them is from the community)
+
+- Protect Gitlab::HTTP against DNS rebinding attack.
+- Fix project visibility level validation. (Peter Marko)
+- Update Knative version.
+- Add DNS rebinding protection settings.
+- Prevent XSS injection in note imports.
+- Prevent invalid branch for merge request.
+- Filter relative links in wiki for XSS.
+- Fix confidential issue label disclosure on milestone view.
+- Fix url redaction for issue links.
+- Resolve: Milestones leaked via search API.
+- Prevent bypass of restriction disabling web password sign in.
+- Hide confidential issue title on unsubscribe for anonymous users.
+
+
## 11.9.11 (2019-04-30)
### Security (1 change)
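Review bot: None of the twelve bullets in the new 11.9.12 section carries a merge request or issue reference, so an administrator triaging this release cannot trace an entry such as "Prevent invalid branch for merge request." back to the change it describes. This follows from the empty `merge_request:` fields in the deleted YAML entries; if the references are withheld on purpose for a security release, consider backfilling them once the fixes are public. Minor style point: the section ends with two added blank lines before `## 11.9.11`, where one would do.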
diff --git a/changelogs/unreleased/dm-http-hostname-override.yml b/changelogs/unreleased/dm-http-hostname-override.yml
deleted file mode 100644
index f84f36a0010..00000000000
--- a/changelogs/unreleased/dm-http-hostname-override.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Protect Gitlab::HTTP against DNS rebinding attack
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/fix-project-visibility-level-validation.yml b/changelogs/unreleased/fix-project-visibility-level-validation.yml
deleted file mode 100644
index c58d3fc7311..00000000000
--- a/changelogs/unreleased/fix-project-visibility-level-validation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix project visibility level validation
-merge_request:
-author: Peter Marko
-type: security
diff --git a/changelogs/unreleased/knative-0-5.yml b/changelogs/unreleased/knative-0-5.yml
deleted file mode 100644
index 00690bfb2e5..00000000000
--- a/changelogs/unreleased/knative-0-5.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Knative version
-merge_request:
-author:
-type: security
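Review bot: The title "Update Knative version" states neither the target version nor why the bump is security-relevant, even though the entry is typed `security` and the file name (`knative-0-5.yml`) points at a specific version. Suggest a title that names the version and the reason, so the resulting CHANGELOG bullet is actionable on its own.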
diff --git a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml b/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
deleted file mode 100644
index fc9a8bb8025..00000000000
--- a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add DNS rebinding protection settings
-merge_request:
-author:
-type: security
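Review bot: The title "Add DNS rebinding protection settings" does not match the file name, which describes settings to disable the protection (`osw-disable-dns-rebind-protection-settings-11-11.yml`). From the changelog line alone a reader cannot tell what the settings control or what the default is; suggest wording the title to say so, since it sits next to "Protect Gitlab::HTTP against DNS rebinding attack" in the same release.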
diff --git a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml b/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
deleted file mode 100644
index d9ad5af256a..00000000000
--- a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent XSS injection in note imports
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-60039.yml b/changelogs/unreleased/security-60039.yml
deleted file mode 100644
index 5edbf32ec97..00000000000
--- a/changelogs/unreleased/security-60039.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent invalid branch for merge request
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml b/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
deleted file mode 100644
index 5b79258af54..00000000000
--- a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Filter relative links in wiki for XSS
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml b/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
deleted file mode 100644
index adfd8e1298f..00000000000
--- a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix confidential issue label disclosure on milestone view
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml b/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
deleted file mode 100644
index 084439c71d9..00000000000
--- a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix url redaction for issue links
-merge_request:
-author:
-type: security
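Review bot: The title "Fix url redaction for issue links" describes the mechanism but not the impact, whereas the file name (`security-fix-project-existence-disclosure-master.yml`) indicates the issue was disclosure of project existence. Suggest a title that names the disclosure, in line with the neighbouring entries ("Fix confidential issue label disclosure on milestone view").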
diff --git a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml b/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
deleted file mode 100644
index 5691550b602..00000000000
--- a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'Resolve: Milestones leaked via search API'
-merge_request:
-author:
-type: security
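Review bot: The title `'Resolve: Milestones leaked via search API'` keeps a "Resolve:" prefix that the other eleven entries do not use, and it is the only title that needs YAML quoting because of the colon. Suggest an imperative title without the prefix (for example "Prevent milestones from leaking via search API") so the generated CHANGELOG bullets read consistently.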
diff --git a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml b/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
deleted file mode 100644
index 02773fa1d7c..00000000000
--- a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent bypass of restriction disabling web password sign in
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-unsubscribing-from-issue.yml b/changelogs/unreleased/security-unsubscribing-from-issue.yml
deleted file mode 100644
index 3a33a457c69..00000000000
--- a/changelogs/unreleased/security-unsubscribing-from-issue.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Hide confidential issue title on unsubscribe for anonymous users
-merge_request:
-author:
-type: security