Update CHANGELOG.md for 11.11.7

[ci skip]
2019-07-29 14:48:20 +00:00 · 2019-07-29 14:48:20 +00:00 · cc7b15fe93
parent a90b38641d
commit cc7b15fe93
8 changed files with 15 additions and 35 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -644,6 +644,21 @@ entry.
 - Moves snowplow to CE repo.


+## 11.11.7
+
+### Security (9 changes)
+
+- Restrict slash commands to users who can log in.
+- Patch XSS issue in wiki links.
+- Filter merge request params on the new merge request page.
+- Fix Server Side Request Forgery mitigation bypass.
+- Show badges if pipelines are public otherwise default to project permissions.
+- Do not allow localhost url redirection in GitHub Integration.
+- Do not show moved issue id for users that cannot read issue.
+- Use source project as permissions reference for MergeRequestsController#pipelines.
+- Drop feature to take ownership of trigger token.
+
+
 ## 11.11.4 (2019-06-26)

 ### Fixed (3 changes)
--- a/changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml
+++ b/changelogs/unreleased/security-60143-patch-additional-xss-vector-in-wikis.yml
@ -1,5 +0,0 @@
---
-title: Patch XSS issue in wiki links
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-bvl-filter-mr-params.yml
+++ b/changelogs/unreleased/security-bvl-filter-mr-params.yml
@ -1,5 +0,0 @@
---
-title: Filter merge request params on the new merge request page
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-dns-ssrf-bypass.yml
+++ b/changelogs/unreleased/security-dns-ssrf-bypass.yml
@ -1,5 +0,0 @@
---
-title: Fix Server Side Request Forgery mitigation bypass
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml
+++ b/changelogs/unreleased/security-fix-badges-leaked-to-unauthorized-users.yml
@ -1,5 +0,0 @@
---
-title: Show badges if pipelines are public otherwise default to project permissions.
-erge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-github-ssrf-redirect.yml
+++ b/changelogs/unreleased/security-github-ssrf-redirect.yml
@ -1,5 +0,0 @@
---
-title: Do not allow localhost url redirection in GitHub Integration
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-hide_moved_issue_id.yml
+++ b/changelogs/unreleased/security-hide_moved_issue_id.yml
@ -1,5 +0,0 @@
---
-title: Do not show moved issue id for users that cannot read issue
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml
+++ b/changelogs/unreleased/security-remove-take-trigger-ownership-feature.yml
@ -1,5 +0,0 @@
---
-title: Drop feature to take ownership of trigger token.
-merge_request:
-author:
-type: security