From 5fde7c6c3b415656fe443a3ce27f12f41507a713 Mon Sep 17 00:00:00 2001
From: DJ Mountney <david@twkie.net>
Date: Wed, 5 Apr 2017 18:02:21 -0700
Subject: [PATCH] Update CHANGELOG.md for 8.16.9

[ci skip]
---
 CHANGELOG.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8484471236..712a4970a41 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -549,6 +549,14 @@ entry.
 - Remove deprecated GitlabCiService.
 - Requeue pending deletion projects.
 
+## 8.16.9 (2017-04-05)
+
+- Don’t show source project name when user does not have access.
+- Remove the class attribute from the whitelist for HTML generated from Markdown.
+- Fix path disclosure in project import/export.
+- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
+- Fix for open redirect vulnerabilities in todos, issues, and MR controllers.
+
 ## 8.16.8 (2017-03-19)
 
 - Only show public emails in atom feeds.
-- 
2.30.9