Update CHANGELOG.md for 10.2.6

[ci skip]

Update CHANGELOG.md for 10.2.6
724456bf · Oswaldo Ferreira · 0337f3d5 · 724456bf · 0337f3d5 · 0337f3d5
Commit 724456bf authored Jan 11, 2018 by Oswaldo Ferreira
10 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 10.2.6 (2018-01-11)
+
+### Security (9 changes, 1 of them is from the community)
+
+- Fix writable shared deploy keys.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Fix RCE via project import mechanism.
+- Fixed IPython notebook output not being sanitized.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Prevent a SQL injection in the MilestonesFinder.
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix XSS vulnerability in pipeline job trace.
+
+
 ## 10.2.5 (2017-12-15)

 ### Fixed (8 changes)

--- a/changelogs/unreleased/ac-41346-xss-ci-job-output.yml
+++ b/changelogs/unreleased/ac-41346-xss-ci-job-output.yml
---
-title: Fix XSS vulnerability in pipeline job trace
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/api-no-service-pw-output.yml
+++ b/changelogs/unreleased/api-no-service-pw-output.yml
---
-title: Filter out sensitive fields from the project services API
-merge_request:
-author: Robert Schilling
-type: security
--- a/changelogs/unreleased/fix-import-rce.yml
+++ b/changelogs/unreleased/fix-import-rce.yml
---
-title: Fix RCE via project import mechanism
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/ipython-xss-fix.yml
+++ b/changelogs/unreleased/ipython-xss-fix.yml
---
-title: Fixed IPython notebook output not being sanitized
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/jej-fix-disabled-oauth-access.yml
+++ b/changelogs/unreleased/jej-fix-disabled-oauth-access.yml
---
-title: Prevent OAuth login POST requests when a provider has been disabled
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/milestones-finder-order-fix.yml
+++ b/changelogs/unreleased/milestones-finder-order-fix.yml
---
-title: Prevent a SQL injection in the MilestonesFinder
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/projectfix.yml
+++ b/changelogs/unreleased/projectfix.yml
---
-title: Check user authorization for source and target projects when creating a merge
-  request.
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-10-3.yml
+++ b/changelogs/unreleased/security-10-3.yml
---
-title: Fix path traversal in gitlab-ci.yml cache:key
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml
+++ b/changelogs/unreleased/sh-migrate-can-push-to-deploy-keys-projects.yml
---
-title: Fix writable shared deploy keys
-merge_request:
-author:
-type: security