Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq

3 files changed, 15 insertions, 0 deletions

diff --git a/changelogs/unreleased/security-bw-confidential-titles-through-markdown-api.yml b/changelogs/unreleased/security-bw-confidential-titles-through-markdown-api.yml
new file mode 100644
index 00000000000..e0231b7962f
--- /dev/null
+++ b/changelogs/unreleased/security-bw-confidential-titles-through-markdown-api.yml
@@ -0,0 +1,5 @@
+---
+title: Markdown API no longer displays confidential title references unless authorized
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-fix-leaking-private-project-namespace.yml b/changelogs/unreleased/security-fix-leaking-private-project-namespace.yml
new file mode 100644
index 00000000000..589d16c0c35
--- /dev/null
+++ b/changelogs/unreleased/security-fix-leaking-private-project-namespace.yml
@@ -0,0 +1,5 @@
+---
+title: Properly filter private references from system notes
+merge_request:
+author:
+type: security
diff --git a/changelogs/unreleased/security-osw-user-info-leak-discussions.yml b/changelogs/unreleased/security-osw-user-info-leak-discussions.yml
new file mode 100644
index 00000000000..5acbb80fc3d
--- /dev/null
+++ b/changelogs/unreleased/security-osw-user-info-leak-discussions.yml
@@ -0,0 +1,5 @@
+---
+title: Filter user sensitive data from discussions JSON
+merge_request: 2536
+author:
+type: security