author | Alessio Caiazza <acaiazza@gitlab.com> | 2018-06-21 17:14:03 +0200 |
---|---|---|
committer | Alessio Caiazza <acaiazza@gitlab.com> | 2018-06-21 17:14:03 +0200 |
commit | 45f6bacd5ee6f9a6473166ab84a6d135e3ce3082 (patch) | |
tree | f783e8c52e84354e5ab9886799f491fbe7287060 /CHANGELOG.md | |
parent | 10d268d57a8fd0ad928dd339d8f5d69db631897e (diff) | |
download | gitlab-ce-45f6bacd5ee6f9a6473166ab84a6d135e3ce3082.tar.gz |
Update CHANGELOG.md for 11.0.1
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index eabacbc2e1d..e21aa1f1154 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,17 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 11.0.1 (2018-06-21) + +### Security (5 changes) + +- Fix XSS vulnerability for table of content generation. +- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability. +- HTML escape branch name in project graphs page. +- HTML escape the name of the user in ProjectsHelper#link_to_member. +- Don't show events from internal projects for anonymous users in public feed. + + ## 11.0.0 (2018-06-22) ### Security (3 changes) |
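Review bot: the new heading `## 11.0.1 (2018-06-21)` carries a date one day earlier than the `## 11.0.0 (2018-06-22)` heading in the context line directly below it, so the changelog now reads as if the patch release shipped before the release it patches. The 11.0.1 date matches this commit's own date (2018-06-21), which suggests the 11.0.0 date is the one to verify and correct in the same change or a follow-up. As a minor style point, the hunk ends with two added blank lines before `## 11.0.0`; one is enough to separate the sections. The five security entries also give no reference to the merge request or issue behind each fix, so a reader upgrading from 11.0.0 cannot trace which change addressed the table-of-contents XSS, the branch name escaping or the `ProjectsHelper#link_to_member` escaping; adding those references, if they are available, would make the entries auditable.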