Update CHANGELOG.md for 9.0.4

[ci skip]
author: DJ Mountney <david@twkie.net> 2017-04-05 17:31:18 -0700
committer: DJ Mountney <david@twkie.net> 2017-04-05 17:31:18 -0700
commit: b821ed6fc270151c6be15493f431641a196b756d (patch)
tree: b2aa1cf094b4ba7e7ded68cdf756d45051f16022
parent: 4e3de96ed059db39ee16ce99e5a4b4e8de14ea55 (diff)
download: gitlab-ce-b821ed6fc270151c6be15493f431641a196b756d.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3e5475a2296..a10369c98a6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,14 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 9.0.4 (2017-04-05)
+
+- Don’t show source project name when user does not have access.
+- Remove the class attribute from the whitelist for HTML generated from Markdown.
+- Fix path disclosure in project import/export.
+- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
+- Fix for open redirect vulnerabilities in todos, issues, and MR controllers.
+
 ## 9.0.3 (2017-04-05)
 
 - Fix name colision when importing GitHub pull requests from forked repositories. !9719
author	DJ Mountney <david@twkie.net>	2017-04-05 17:31:18 -0700
committer	DJ Mountney <david@twkie.net>	2017-04-05 17:31:18 -0700
commit	b821ed6fc270151c6be15493f431641a196b756d (patch)
tree	b2aa1cf094b4ba7e7ded68cdf756d45051f16022
parent	4e3de96ed059db39ee16ce99e5a4b4e8de14ea55 (diff)
download	gitlab-ce-b821ed6fc270151c6be15493f431641a196b756d.tar.gz