From 5fde7c6c3b415656fe443a3ce27f12f41507a713 Mon Sep 17 00:00:00 2001 From: DJ Mountney <david@twkie.net> Date: Wed, 5 Apr 2017 18:02:21 -0700 Subject: [PATCH] Update CHANGELOG.md for 8.16.9 [ci skip] --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8484471236..712a4970a41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -549,6 +549,14 @@ entry. - Remove deprecated GitlabCiService. - Requeue pending deletion projects. +## 8.16.9 (2017-04-05) + +- Don’t show source project name when user does not have access. +- Remove the class attribute from the whitelist for HTML generated from Markdown. +- Fix path disclosure in project import/export. +- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. +- Fix for open redirect vulnerabilities in todos, issues, and MR controllers. + ## 8.16.8 (2017-03-19) - Only show public emails in atom feeds. -- 2.30.9
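Review bot: In the new 8.16.9 block, the entry for the project import status redirect leaves `continue[to]` as bare text in a Markdown file. Wrap the parameter name in backticks so the brackets render literally and cannot be parsed as a reference-style link. The two open redirect entries begin with "Fix for ..." while the path disclosure entry in the same block, and the neighbouring context lines ("Remove ...", "Requeue ..."), use the plain imperative; "Fix open redirect vulnerability ..." would keep the list consistent. "Don’t" in the first entry uses a typographic apostrophe; a plain ASCII apostrophe keeps the changelog easy to grep.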