Update CHANGELOG.md for 9.5.4

[ci skip]

Update CHANGELOG.md for 9.5.4
[ci skip]
ac38f36a · Jose Ivan Vargas · a0274a50 · ac38f36a
Commit ac38f36a authored Sep 06, 2017 by Jose Ivan Vargas
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

CHANGELOG.md CHANGELOG.md +10 -0

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 9.5.4 (2017-09-06)
+
+- [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
+- [SECURITY] Prevent a persistent XSS in the commit author block.
+- Fix XSS issue in go-get handling.
+- Resolve CSRF token leakage via pathname manipulation on environments page.
+- Fixes race condition in project uploads.
+- Disallow arbitrary properties in `th` and `td` `style` attributes.
+- Disallow the `name` attribute on all user-provided markup.
+
 ## 9.5.3 (2017-09-03)

 - [SECURITY] Filter additional secrets from Rails logs.