Update CHANGELOG.md for 11.2.4

[ci skip]
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-09-26 18:09:18 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2018-09-26 18:09:18 +0300
commit: e72e9c1d58eef6e6d0ab9d681513f55aa575e8c8 (patch)
tree: aceed24399325870f13f1d6ff0621ec6e0ce520e /CHANGELOG.md
parent: 85f66f379957507a986927bd494000faf00f97fd (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e514a42108c..609de42383a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -249,6 +249,18 @@ entry.
 - Creates Vue component for artifacts block on job page.
 
 
+## 11.2.4 (2018-09-26)
+
+### Security (6 changes)
+
+- Redact confidential events in the API.
+- Set timeout for syntax highlighting.
+- Sanitize JSON data properly to fix XSS on Issue details page.
+- Fix stored XSS in merge requests from imported repository.
+- Fix xss vulnerability sourced from package.json.
+- Block loopback addresses in UrlBlocker.
+
+
 ## 11.2.3 (2018-08-28)
 
 ### Fixed (1 change)
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2018-09-26 18:09:18 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2018-09-26 18:09:18 +0300
commit	e72e9c1d58eef6e6d0ab9d681513f55aa575e8c8 (patch)
tree	aceed24399325870f13f1d6ff0621ec6e0ce520e /CHANGELOG.md
parent	85f66f379957507a986927bd494000faf00f97fd (diff)