Update CHANGELOG.md for 8.16.9

[ci skip]
author: DJ Mountney <david@twkie.net> 2017-04-05 18:02:21 -0700
committer: DJ Mountney <david@twkie.net> 2017-04-05 18:02:21 -0700
commit: 5fde7c6c3b415656fe443a3ce27f12f41507a713 (patch)
tree: 2d4e1f189371cb07c4e7be0ccd0786667cd1db1e /CHANGELOG.md
parent: 11b350ee000beda8fc45b312822a309a2df8c088 (diff)
download: gitlab-ce-5fde7c6c3b415656fe443a3ce27f12f41507a713.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8484471236..712a4970a41 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -549,6 +549,14 @@ entry.
 - Remove deprecated GitlabCiService.
 - Requeue pending deletion projects.
 
+## 8.16.9 (2017-04-05)
+
+- Don’t show source project name when user does not have access.
+- Remove the class attribute from the whitelist for HTML generated from Markdown.
+- Fix path disclosure in project import/export.
+- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
+- Fix for open redirect vulnerabilities in todos, issues, and MR controllers.
+
 ## 8.16.8 (2017-03-19)
 
 - Only show public emails in atom feeds.
author	DJ Mountney <david@twkie.net>	2017-04-05 18:02:21 -0700
committer	DJ Mountney <david@twkie.net>	2017-04-05 18:02:21 -0700
commit	5fde7c6c3b415656fe443a3ce27f12f41507a713 (patch)
tree	2d4e1f189371cb07c4e7be0ccd0786667cd1db1e /CHANGELOG.md
parent	11b350ee000beda8fc45b312822a309a2df8c088 (diff)
download	gitlab-ce-5fde7c6c3b415656fe443a3ce27f12f41507a713.tar.gz