From a1e4ecdd21325062eeffbc3859726465c8972c9a Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Thu, 25 Oct 2018 02:45:49 +0000 Subject: Update CHANGELOG.md for 11.4.2 [ci skip] --- CHANGELOG.md | 11 +++++++++++ changelogs/unreleased/redact-links-dev.yml | 5 ----- .../unreleased/security-11-4-2717-fix-issue-title-xss.yml | 5 ----- .../unreleased/security-51113-hash_personal_access_tokens.yml | 5 ----- changelogs/unreleased/sh-block-other-localhost.yml | 5 ----- changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml | 5 ----- 6 files changed, 11 insertions(+), 25 deletions(-) delete mode 100644 changelogs/unreleased/redact-links-dev.yml delete mode 100644 changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml delete mode 100644 changelogs/unreleased/security-51113-hash_personal_access_tokens.yml delete mode 100644 changelogs/unreleased/sh-block-other-localhost.yml delete mode 100644 changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 3afb7baa04a..b3cee12e77e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.4.2 (2018-10-25) + +### Security (5 changes) + +- Escape entity title while autocomplete template rendering to prevent XSS. !2571 +- Persist only SHA digest of PersonalAccessToken#token. +- Redact personal tokens in unsubscribe links. +- Block loopback addresses in UrlBlocker. +- Validate Wiki attachments are valid temporary files. + + ## 11.4.1 (2018-10-23) ### Security (2 changes) diff --git a/changelogs/unreleased/redact-links-dev.yml b/changelogs/unreleased/redact-links-dev.yml deleted file mode 100644 index 338e7965465..00000000000 --- a/changelogs/unreleased/redact-links-dev.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Redact personal tokens in unsubscribe links. -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml b/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml deleted file mode 100644 index 12dfa48c6aa..00000000000 --- a/changelogs/unreleased/security-11-4-2717-fix-issue-title-xss.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Escape entity title while autocomplete template rendering to prevent XSS -merge_request: 2571 -author: -type: security diff --git a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml b/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml deleted file mode 100644 index 4cebe814148..00000000000 --- a/changelogs/unreleased/security-51113-hash_personal_access_tokens.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Persist only SHA digest of PersonalAccessToken#token -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-block-other-localhost.yml b/changelogs/unreleased/sh-block-other-localhost.yml deleted file mode 100644 index a6a41f0bd81..00000000000 --- a/changelogs/unreleased/sh-block-other-localhost.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Block loopback addresses in UrlBlocker -merge_request: -author: -type: security diff --git a/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml b/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml deleted file mode 100644 index ac6ab7cc3f4..00000000000 --- a/changelogs/unreleased/sh-fix-wiki-security-issue-53072.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Validate Wiki attachments are valid temporary files -merge_request: -author: -type: security -- cgit v1.2.3