...
 
Commits (2)
......@@ -33,6 +33,20 @@ release](/2019/02/22/gitlab-11-8-released/) and prior versions.
* [Fix Approval UI showing up for free plan](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9819)
* [Resolve "Add "No approval required" state to approval rules MR component"](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9899)
### Security fix
#### Public project in a private group makes the group page publicly accessible
Sharing a public project with a private group makes the group page publicly accessible. The issue is now mitigated in the latest release and is assigned [CVE-2019-9732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9732).
#### Versions Affected
Affects GitLab CE/EE 10.0.3 and later.
#### Remediation
We **strongly recommend** that all installations running an affected version to be upgraded to the latest version as soon as possible.
## Upgrade barometer
This version does not include any new migrations, and should not require any
......