From 00607b8e93de3553cdc25ebc81e97af5094abb8d Mon Sep 17 00:00:00 2001
From: GitLab Release Tools Bot
Date: Thu, 28 Mar 2019 15:18:34 +0000
Subject: Update CHANGELOG.md for 11.9.4 [ci skip]
---
 CHANGELOG.md | 14 ++++++++++++++
 .../unreleased/disallow-guests-to-access-releases.yml | 5 -----
 .../unreleased/security-55503-fix-pdf-js-vulnerability.yml | 5 -----
 changelogs/unreleased/security-56224.yml | 5 -----
 .../security-56927-xss-resolve-conflicts-branch-name.yml | 5 -----
 changelogs/unreleased/security-exif-migration.yml | 5 -----
 .../unreleased/security-id-potential-denial-languages.yml | 5 -----
 .../security-mass-assignment-on-project-update.yml | 5 -----
 changelogs/unreleased/use-untrusted-regexp.yml | 5 -----
 9 files changed, 14 insertions(+), 40 deletions(-)
 delete mode 100644 changelogs/unreleased/disallow-guests-to-access-releases.yml
 delete mode 100644 changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml
 delete mode 100644 changelogs/unreleased/security-56224.yml
 delete mode 100644 changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml
 delete mode 100644 changelogs/unreleased/security-exif-migration.yml
 delete mode 100644 changelogs/unreleased/security-id-potential-denial-languages.yml
 delete mode 100644 changelogs/unreleased/security-mass-assignment-on-project-update.yml
 delete mode 100644 changelogs/unreleased/use-untrusted-regexp.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5516fbca8e1..3130edc79fb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,20 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 11.9.4 (2019-03-28)
+
+### Security (8 changes)
+
+- Disallow guest users from accessing Releases.
+- Fix PDF.js vulnerability.
+- Hide "related branches" when user does not have permission.
+- Fix XSS in resolve conflicts form.
+- Added rake task for removing EXIF data from existing uploads.
+- Return cached languages if they've been detected before.
+- Disallow updating namespace when updating a project.
+- Use UntrustedRegexp for matching refs policy.
+
+
 ## 11.9.3 (2019-03-27)
 
 - Unreleased due to QA failure.
diff --git a/changelogs/unreleased/disallow-guests-to-access-releases.yml b/changelogs/unreleased/disallow-guests-to-access-releases.yml
deleted file mode 100644
index f2d518108d2..00000000000
--- a/changelogs/unreleased/disallow-guests-to-access-releases.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disallow guest users from accessing Releases
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml b/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml
deleted file mode 100644
index e5d0cd4fee1..00000000000
--- a/changelogs/unreleased/security-55503-fix-pdf-js-vulnerability.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix PDF.js vulnerability
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-56224.yml b/changelogs/unreleased/security-56224.yml
deleted file mode 100644
index a4e274e6ca5..00000000000
--- a/changelogs/unreleased/security-56224.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Hide "related branches" when user does not have permission
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml b/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml
deleted file mode 100644
index f92d2c0dcb1..00000000000
--- a/changelogs/unreleased/security-56927-xss-resolve-conflicts-branch-name.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix XSS in resolve conflicts form
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-exif-migration.yml b/changelogs/unreleased/security-exif-migration.yml
deleted file mode 100644
index cc529099df5..00000000000
--- a/changelogs/unreleased/security-exif-migration.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Added rake task for removing EXIF data from existing uploads.
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-id-potential-denial-languages.yml b/changelogs/unreleased/security-id-potential-denial-languages.yml
deleted file mode 100644
index 2194ecb97dc..00000000000
--- a/changelogs/unreleased/security-id-potential-denial-languages.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Return cached languages if they've been detected before
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mass-assignment-on-project-update.yml b/changelogs/unreleased/security-mass-assignment-on-project-update.yml
deleted file mode 100644
index 93561cd91b3..00000000000
--- a/changelogs/unreleased/security-mass-assignment-on-project-update.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Disallow updating namespace when updating a project
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/use-untrusted-regexp.yml b/changelogs/unreleased/use-untrusted-regexp.yml
deleted file mode 100644
index dd7f1bcaca1..00000000000
--- a/changelogs/unreleased/use-untrusted-regexp.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Use UntrustedRegexp for matching refs policy
-merge_request:
-author:
-type: security
--
cgit v1.2.3