Update CHANGELOG.md for 11.9.12

[ci skip]

Update CHANGELOG.md for 11.9.12
3c8b8ce8 · GitLab Release Tools Bot · c8f8098d · 3c8b8ce8 · c8f8098d · c8f8098d
Commit 3c8b8ce8 authored 5 years ago by GitLab Release Tools Bot
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,24 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
  
+## 11.9.12 (2019-05-30)
+
+### Security (12 changes, 1 of them is from the community)
+
+- Protect Gitlab::HTTP against DNS rebinding attack.
+- Fix project visibility level validation. (Peter Marko)
+- Update Knative version.
+- Add DNS rebinding protection settings.
+- Prevent XSS injection in note imports.
+- Prevent invalid branch for merge request.
+- Filter relative links in wiki for XSS.
+- Fix confidential issue label disclosure on milestone view.
+- Fix url redaction for issue links.
+- Resolve: Milestones leaked via search API.
+- Prevent bypass of restriction disabling web password sign in.
+- Hide confidential issue title on unsubscribe for anonymous users.
+
+
 ## 11.9.11 (2019-04-30)
  
 ### Security (1 change)

--- a/changelogs/unreleased/dm-http-hostname-override.yml
+++ b/changelogs/unreleased/dm-http-hostname-override.yml
---
-title: Protect Gitlab::HTTP against DNS rebinding attack
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/fix-project-visibility-level-validation.yml
+++ b/changelogs/unreleased/fix-project-visibility-level-validation.yml
---
-title: Fix project visibility level validation
-merge_request:
-author: Peter Marko
-type: security
--- a/changelogs/unreleased/knative-0-5.yml
+++ b/changelogs/unreleased/knative-0-5.yml
---
-title: Update Knative version
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
+++ b/changelogs/unreleased/osw-disable-dns-rebind-protection-settings-11-11.yml
---
-title: Add DNS rebinding protection settings
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
+++ b/changelogs/unreleased/security-58856-persistent-xss-in-note-objects.yml
---
-title: Prevent XSS injection in note imports
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-60039.yml
+++ b/changelogs/unreleased/security-60039.yml
---
-title: Prevent invalid branch for merge request
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
+++ b/changelogs/unreleased/security-60143-address-xss-issue-in-wiki-links.yml
---
-title: Filter relative links in wiki for XSS
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
+++ b/changelogs/unreleased/security-fix-confidential-issue-label-visibility-master.yml
---
-title: Fix confidential issue label disclosure on milestone view
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
+++ b/changelogs/unreleased/security-fix-project-existence-disclosure-master.yml
---
-title: Fix url redaction for issue links
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
+++ b/changelogs/unreleased/security-fix_milestones_search_api_leak.yml
---
-title: 'Resolve: Milestones leaked via search API'
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
+++ b/changelogs/unreleased/security-jej-prevent-web-sign-in-bypass.yml
---
-title: Prevent bypass of restriction disabling web password sign in
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-unsubscribing-from-issue.yml
+++ b/changelogs/unreleased/security-unsubscribing-from-issue.yml
---
-title: Hide confidential issue title on unsubscribe for anonymous users
-merge_request:
-author:
-type: security