Update CHANGELOG.md for 11.6.10

[ci skip]

CHANGELOG.md

@@ -2,6 +2,33 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
+## 11.6.10 (2019-02-28)
+
+### Security (21 changes)
+
+- Stop linking to unrecognized package sources. !55518
+- Check snippet attached file to be moved is within designated directory.
+- Fix potential Addressable::URI::InvalidURIError.
+- Do not display impersonated sessions under active sessions and remove ability to revoke session.
+- Display only information visible to current user on the Milestone page.
+- Show only merge requests visible to user on milestone detail page.
+- Disable issue boards API when issues are disabled.
+- Don't show new issue link after move when a user does not have permissions.
+- Fix git clone revealing private repo's presence.
+- Fix blind SSRF in Prometheus integration by checking URL before querying.
+- Check if desired milestone for an issue is available.
+- Don't allow non-members to see private related MRs.
+- Fix arbitrary file read via diffs during import.
+- Display the correct number of MRs a user has access to.
+- Forbid creating discussions for users with restricted access.
+- Do not disclose milestone titles for unauthorized users.
+- Validate session key when authorizing with GCP to create a cluster.
+- Block local URLs for Kubernetes integration.
+- Limit mermaid rendering to 5K characters.
+- Remove the possibility to share a project with a group that a user is not a member of.
+- Fix leaking private repository information in API.
+
+
 ## 11.6.9 (2019-02-04)
 ### Security (1 change)

changelogs/unreleased/2802-security-add-public-internal-groups-as-members-to-your-project-idor.yml

----
-title: Remove the possibility to share a project with a group that a user is not a member
-  of
-merge_request:
-author:
-type: security

changelogs/unreleased/51971-milestones-visibility.yml

----
-title: Check if desired milestone for an issue is available
-merge_request:
-author:
-type: security

changelogs/unreleased/57227-absolute-uri-missing-hierarchical-segment.yml

----
-title: Fix potential Addressable::URI::InvalidURIError
-merge_request:
-author:
-type: security

changelogs/unreleased/57534_filter_impersonated_sessions.yml

----
-title: Do not display impersonated sessions under active sessions and remove ability
-  to revoke session
-merge_request:
-author:
-type: security

changelogs/unreleased/security-2774-milestones-detail.yml

----
-title: Display only information visible to current user on the Milestone page
-merge_request:
-author:
-type: security

changelogs/unreleased/security-2797-milestone-mrs.yml

----
-title: Show only merge requests visible to user on milestone detail page
-merge_request:
-author:
-type: security

changelogs/unreleased/security-2798-fix-boards-policy.yml

----
-title: Disable issue boards API when issues are disabled
-merge_request:
-author:
-type: security

changelogs/unreleased/security-2799-emails.yml

----
-title: Don't show new issue link after move when a user does not have permissions
-merge_request:
-author:
-type: security

changelogs/unreleased/security-50334.yml

----
-title: Fix git clone revealing private repo's presence
-merge_request:
-author:
-type: security

changelogs/unreleased/security-55468-check-validity-before-querying.yml

----
-title: Fix blind SSRF in Prometheus integration by checking URL before querying
-merge_request:
-author:
-type: security

changelogs/unreleased/security-56348.yml

----
-title: Check snippet attached file to be moved is within designated directory
-merge_request:
-author:
-type: security

changelogs/unreleased/security-commit-private-related-mr.yml

----
-title: Don't allow non-members to see private related MRs.
-merge_request:
-author:
-type: security

changelogs/unreleased/security-fj-diff-import-file-read-fix.yml

----
-title: Fix arbitrary file read via diffs during import
-merge_request:
-author:
-type: security

changelogs/unreleased/security-id-fix-mr-visibility.yml

----
-title: Display the correct number of MRs a user has access to
-merge_request:
-author:
-type: security

changelogs/unreleased/security-id-restricted-access-to-private-repo.yml

----
-title: Forbid creating discussions for users with restricted access
-merge_request:
-author:
-type: security

changelogs/unreleased/security-issue_54789_2.yml

----
-title: Do not disclose milestone titles for unauthorized users
-merge_request:
-author:
-type: security

changelogs/unreleased/security-kubernetes-google-login-csrf.yml

----
-title: Validate session key when authorizing with GCP to create a cluster
-merge_request:
-author:
-type: security

changelogs/unreleased/security-kubernetes-local-ssrf.yml

----
-title: Block local URLs for Kubernetes integration
-merge_request:
-author:
-type: security

changelogs/unreleased/security-mermaid.yml

----
-title: Limit mermaid rendering to 5K characters
-merge_request:
-author:
-type: security