gitlab.com/gitlab-org/gitlab-foss.git
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-05-30 15:51:31 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-05-30 15:51:31 +0300
commit: 375e6dfde9b0ebd869a0825296bd0762205c735d
tree: 226bb50250de85fd526e036aeed6d58a83a98cc2
parent: fc8699efa7a20ef0d0d3e1c9e5a5393f3038299c
Update CHANGELOG.md for 11.11.1
[ci skip]
-rw-r--r-- CHANGELOG.md 18
-rw-r--r-- changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml 5
-rw-r--r-- changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml 5
-rw-r--r-- changelogs/unreleased/security-60039.yml 5
-rw-r--r-- changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml 5
-rw-r--r-- changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml 5
-rw-r--r-- changelogs/unreleased/security-fix-project-existence-disclosure-master.yml 5
-rw-r--r-- changelogs/unreleased/security-fix_milestones_search_api_leak.yml 5
-rw-r--r-- changelogs/unreleased/security-http-hostname-override-11-11.yml 5
-rw-r--r-- changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml 5
-rw-r--r-- changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml 5
-rw-r--r-- changelogs/unreleased/security-pb-fix-get-archive.yml 5
-rw-r--r-- changelogs/unreleased/security-unsubscribing-from-issue.yml 5
13 files changed, 18 insertions, 60 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 88521222b8a..737137394bc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
+## 11.11.1 (2019-05-30)
+
+### Security (12 changes)
+
+- Add DNS rebinding protection settings.
+- Prevent XSS injection in note imports.
+- Prevent invalid branch for merge request.
+- Filter relative links in wiki for XSS.
+- Fix confidential issue label disclosure on milestone view.
+- Fix url redaction for issue links.
+- Resolve: Milestones leaked via search API.
+- Protect Gitlab::HTTP against DNS rebinding attack.
+- Add extra fields for handling basic auth on import by url page.
+- Prevent bypass of restriction disabling web password sign in.
+- Update Gitaly to fix GetArchive vulnerability.
+- Hide confidential issue title on unsubscribe for anonymous users.
+
+
## 11.11.0 (2019-05-22)
### Security (1 change)
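Review bot: none of the twelve entries added under "### Security (12 changes)" carries a merge request or issue reference, so an operator reading "Prevent invalid branch for merge request" or "Fix url redaction for issue links" cannot trace the entry to the change that fixed it. If the references are withheld on purpose for the security release, consider back-filling them once the issues are public. Separately, the hunk adds two blank lines before "## 11.11.0 (2019-05-22)"; one is enough.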
diff --git a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml b/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
deleted file mode 100644
index fc9a8bb8025..00000000000
--- a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add DNS rebinding protection settings
-merge_request:
-author:
-type: security
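Review bot: the title "Add DNS rebinding protection settings" does not match the file name, which describes settings to disable the protection (osw-disable-dns-rebind-protection-settings). The changelog entry should say that the setting lets an administrator turn the protection off and state the default, since that is what someone upgrading needs to know.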
diff --git a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml b/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
deleted file mode 100644
index d9ad5af256a..00000000000
--- a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent XSS injection in note imports
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-60039.yml b/changelogs/unreleased/security-60039.yml
deleted file mode 100644
index 5edbf32ec97..00000000000
--- a/changelogs/unreleased/security-60039.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent invalid branch for merge request
-merge_request:
-author:
-type: security
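Review bot: the title "Prevent invalid branch for merge request" gives no hint of the security impact, and the file name (security-60039.yml) carries only a number. Suggest wording the entry so it names what an invalid branch allowed, so readers can judge whether they were exposed.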
diff --git a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml b/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
deleted file mode 100644
index 5b79258af54..00000000000
--- a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Filter relative links in wiki for XSS
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml b/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
deleted file mode 100644
index adfd8e1298f..00000000000
--- a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix confidential issue label disclosure on milestone view
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml b/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
deleted file mode 100644
index 084439c71d9..00000000000
--- a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix url redaction for issue links
-merge_request:
-author:
-type: security
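Review bot: the title "Fix url redaction for issue links" understates what the file name says was fixed, a project existence disclosure. Suggest naming the disclosure in the entry, and writing "URL" in capitals, so the changelog line reflects the actual exposure.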
diff --git a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml b/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
deleted file mode 100644
index 5691550b602..00000000000
--- a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: 'Resolve: Milestones leaked via search API'
-merge_request:
-author:
-type: security
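Review bot: the "Resolve:" prefix in the title is the only one of its kind among the twelve entries, which otherwise start with an imperative verb, and it is what forces the YAML value to be quoted. Suggest something like "Fix milestones leaked via search API" for consistency.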
diff --git a/changelogs/unreleased/security-http-hostname-override-11-11.yml b/changelogs/unreleased/security-http-hostname-override-11-11.yml
deleted file mode 100644
index f84f36a0010..00000000000
--- a/changelogs/unreleased/security-http-hostname-override-11-11.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Protect Gitlab::HTTP against DNS rebinding attack
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml b/changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml
deleted file mode 100644
index df636ec37fb..00000000000
--- a/changelogs/unreleased/security-id-leaked-password-in-import-url-frontend.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Add extra fields for handling basic auth on import by url page
-merge_request:
-author:
-type: security
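Review bot: the title "Add extra fields for handling basic auth on import by url page" reads as a feature addition, while the file name points at a leaked password in the import URL. Suggest stating the credential exposure the change addresses, so the entry is recognisable as a security fix when scanning the changelog.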
diff --git a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml b/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
deleted file mode 100644
index 02773fa1d7c..00000000000
--- a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent bypass of restriction disabling web password sign in
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-pb-fix-get-archive.yml b/changelogs/unreleased/security-pb-fix-get-archive.yml
deleted file mode 100644
index dca4fec7d61..00000000000
--- a/changelogs/unreleased/security-pb-fix-get-archive.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update Gitaly to fix GetArchive vulnerability
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-unsubscribing-from-issue.yml b/changelogs/unreleased/security-unsubscribing-from-issue.yml
deleted file mode 100644
index 3a33a457c69..00000000000
--- a/changelogs/unreleased/security-unsubscribing-from-issue.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Hide confidential issue title on unsubscribe for anonymous users
-merge_request:
-author:
-type: security