From f0e99ebd0d6e614326af4a680b40ea56ab05120b Mon Sep 17 00:00:00 2001 From: GitLab Release Tools Bot Date: Fri, 9 Aug 2019 20:51:35 +0000 Subject: Update CHANGELOG.md for 11.11.8 [ci skip] --- CHANGELOG.md | 8 ++++++++ changelogs/unreleased/fix-gitaly-revision-flag-injection.yml | 5 ----- changelogs/unreleased/security-pages-api-token-recovery.yml | 5 ----- 3 files changed, 8 insertions(+), 10 deletions(-) delete mode 100644 changelogs/unreleased/fix-gitaly-revision-flag-injection.yml delete mode 100644 changelogs/unreleased/security-pages-api-token-recovery.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index d7f4e80078d..5b914ff7409 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.11.8 + +### Security (2 changes) + +- Upgrade Gitaly to 1.42.7 to prevent revision flag injection exploits. +- Upgrade pages to 1.5.1 to prevent gitlab api token recovery from cookie. + + ## 11.11.7 ### Security (9 changes) diff --git a/changelogs/unreleased/fix-gitaly-revision-flag-injection.yml b/changelogs/unreleased/fix-gitaly-revision-flag-injection.yml deleted file mode 100644 index ab72482fb25..00000000000 --- a/changelogs/unreleased/fix-gitaly-revision-flag-injection.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade Gitaly to 1.42.7 to prevent revision flag injection exploits -merge_request: -author: -type: security diff --git a/changelogs/unreleased/security-pages-api-token-recovery.yml b/changelogs/unreleased/security-pages-api-token-recovery.yml deleted file mode 100644 index 5b555d0774b..00000000000 --- a/changelogs/unreleased/security-pages-api-token-recovery.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -title: Upgrade pages to 1.5.1 to prevent gitlab api token recovery from cookie -merge_request: -author: -type: security -- cgit v1.2.3