Update CHANGELOG.md for 11.4.2

[ci skip]

Update CHANGELOG.md for 11.4.2
[ci skip]
34d84fd2 · GitLab Release Tools Bot · cc571e18 · 34d84fd2 · cc571e18
隐藏空白更改
内联并排

Showing with 11 addition and 5 deletion

CHANGELOG.md CHANGELOG.md +11 -0

changelogs/unreleased/sh-block-other-localhost.yml changelogs/unreleased/sh-block-other-localhost.yml +0 -5

未找到文件。
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
+## 11.4.2 (2018-10-25)
+### Security (5 changes)
+- Escape entity title while autocomplete template rendering to prevent XSS. !2571
+- Persist only SHA digest of PersonalAccessToken#token.
+- Redact personal tokens in unsubscribe links.
+- Block loopback addresses in UrlBlocker.
+- Validate Wiki attachments are valid temporary files.
 ## 11.4.1 (2018-10-23)
 ### Security (2 changes)

--- a/changelogs/unreleased/sh-block-other-localhost.yml
+++ b/changelogs/unreleased/sh-block-other-localhost.yml
---
-title: Block loopback addresses in UrlBlocker
-merge_request:
-author:
-type: security