Update CHANGELOG.md for 11.3.7

[ci skip]
parent fee6989f
...@@ -246,6 +246,18 @@ entry. ...@@ -246,6 +246,18 @@ entry.
- Check frozen string in style builds. (gfyoung) - Check frozen string in style builds. (gfyoung)
## 11.3.7 (2018-10-26)
### Security (6 changes)
- Escape entity title while autocomplete template rendering to prevent XSS. !2557
- Persist only SHA digest of PersonalAccessToken#token.
- Fix XSS in merge request source branch name.
- Redact personal tokens in unsubscribe links.
- Prevent SSRF attacks in HipChat integration.
- Validate Wiki attachments are valid temporary files.
## 11.3.6 (2018-10-17) ## 11.3.6 (2018-10-17)
- No changes. - No changes.
......
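Review bot: In the added 11.3.7 Security list, only the first entry carries a merge request reference (!2557), while the other five have none. That leaves the token digest, source branch name XSS, unsubscribe link, HipChat SSRF and Wiki attachment entries with no pointer back to the change that fixed them. Consider appending a reference to each of those entries in the same form as the first, so that anyone auditing an upgrade to 11.3.7 can locate every fix. The first entry would also read more clearly as "Escape entity title while rendering the autocomplete template to prevent XSS."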