Update CHANGELOG.md for 11.2.6

[ci skip]

Update CHANGELOG.md for 11.2.6
[ci skip]
160ed1d7 · GitLab Release Tools Bot · 74843bb2 · 160ed1d7
隐藏空白更改
内联并排

Showing with 11 addition and 0 deletion

CHANGELOG.md CHANGELOG.md +11 -0

未找到文件。
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -547,6 +547,17 @@ entry.
 - Creates Vue component for artifacts block on job page.


+## 11.2.6 (2018-10-26)
+
+### Security (5 changes)
+
+- Escape entity title while autocomplete template rendering to prevent XSS. !2558
+- Fix XSS in merge request source branch name.
+- Redact personal tokens in unsubscribe links.
+- Persist only SHA digest of PersonalAccessToken#token.
+- Prevent SSRF attacks in HipChat integration.
+
+
 ## 11.2.5 (2018-10-05)

 ### Security (3 changes)