Update CHANGELOG.md for 11.4.2

[ci skip]
parent cc571e18
......@@ -2,6 +2,17 @@
documentation](doc/development/changelog.md) for instructions on adding your own
entry.
## 11.4.2 (2018-10-25)
### Security (5 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !2571
- Persist only SHA digest of PersonalAccessToken#token.
- Redact personal tokens in unsubscribe links.
- Block loopback addresses in UrlBlocker.
- Validate Wiki attachments are valid temporary files.
## 11.4.1 (2018-10-23)
### Security (2 changes)
......
---
title: Block loopback addresses in UrlBlocker
merge_request:
author:
type: security
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment