Update CHANGELOG.md for 9.5.4

[ci skip]

8 files changed, 10 insertions, 30 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ee2a2cae21..5fc14f42c5a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 9.5.4 (2017-09-06)
+
+- [SECURITY] Upgrade mail and nokogiri gems due to security issues. !13662 (Markus Koller)
+- [SECURITY] Prevent a persistent XSS in the commit author block.
+- Fix XSS issue in go-get handling.
+- Resolve CSRF token leakage via pathname manipulation on environments page.
+- Fixes race condition in project uploads.
+- Disallow arbitrary properties in `th` and `td` `style` attributes.
+- Disallow the `name` attribute on all user-provided markup.
+
 ## 9.5.3 (2017-09-03)
 
 - [SECURITY] Filter additional secrets from Rails logs.
diff --git a/changelogs/unreleased/29943-environment-folder.yml b/changelogs/unreleased/29943-environment-folder.yml
deleted file mode 100644
index 8434d07d86e..00000000000
--- a/changelogs/unreleased/29943-environment-folder.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-title: Resolve CSRF token leakage via pathname manipulation on environments page
-merge_request:
-author:
diff --git a/changelogs/unreleased/dm-go-get-xss.yml b/changelogs/unreleased/dm-go-get-xss.yml
deleted file mode 100644
index bf0a7f4bd3d..00000000000
--- a/changelogs/unreleased/dm-go-get-xss.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-title: Fix XSS issue in go-get handling
-merge_request:
-author:
diff --git a/changelogs/unreleased/fix-escape-commit-block.yml b/changelogs/unreleased/fix-escape-commit-block.yml
deleted file mode 100644
index 0665c8e5db2..00000000000
--- a/changelogs/unreleased/fix-escape-commit-block.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent a persistent XSS in the commit author block
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/fix-gem-security-updates.yml b/changelogs/unreleased/fix-gem-security-updates.yml
deleted file mode 100644
index dce11d08402..00000000000
--- a/changelogs/unreleased/fix-gem-security-updates.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade mail and nokogiri gems due to security issues
-merge_request: 13662
-author: Markus Koller
-type: security
diff --git a/changelogs/unreleased/race-condition-in-project-uploads-fix-9-4.yml b/changelogs/unreleased/race-condition-in-project-uploads-fix-9-4.yml
deleted file mode 100644
index adf9d77bce8..00000000000
--- a/changelogs/unreleased/race-condition-in-project-uploads-fix-9-4.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-title: Fixes race condition in project uploads
-merge_request:
-author:
diff --git a/changelogs/unreleased/rs-issue-36098.yml b/changelogs/unreleased/rs-issue-36098.yml
deleted file mode 100644
index 56b92705a80..00000000000
--- a/changelogs/unreleased/rs-issue-36098.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-title: Disallow arbitrary properties in `th` and `td` `style` attributes
-merge_request:
-author:
diff --git a/changelogs/unreleased/rs-issue-36104.yml b/changelogs/unreleased/rs-issue-36104.yml
deleted file mode 100644
index b050cd83175..00000000000
--- a/changelogs/unreleased/rs-issue-36104.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-title: Disallow the `name` attribute on all user-provided markup
-merge_request:
-author: