Update CHANGELOG.md for 8.17.6

[ci skip]
author: Lin Jen-Shin <godfat@godfat.org> 2017-05-05 12:53:44 +0000
committer: Lin Jen-Shin <godfat@godfat.org> 2017-05-05 12:53:44 +0000
commit: 715cdc1afdf59cde4bd4a6183b81e2e19ef3ab78 (patch)
tree: 8f1a63891c264447212c7b8fa2f0d50ece19dbe3 /CHANGELOG.md
parent: 444df931e7a0a7101c9f16cc7a20ea11094335d7 (diff)
download: gitlab-ce-715cdc1afdf59cde4bd4a6183b81e2e19ef3ab78.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e05b025ce2d..c9de0113e24 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -643,6 +643,17 @@ entry.
 - Change development tanuki favicon colors to match logo color order.
 - API issues - support filtering by iids.
 
+## 8.17.6 (2017-05-05)
+
+- Enforce project features when searching blobs and wikis.
+- Fixed branches dropdown rendering branch names as HTML.
+- Make Asciidoc & other markup go through pipeline to prevent XSS.
+- Validate URLs in markdown using URI to detect the host correctly.
+- Fix for XSS in project import view caused by Hamlit filter usage.
+- Sanitize submodule URLs before linking to them in the file tree view.
+- Refactor snippets finder & dont return internal snippets for external users.
+- Fix snippets visibility for show action - external users can not see internal snippets.
+
 ## 8.17.5 (2017-04-05)
 
 - Don’t show source project name when user does not have access.
author	Lin Jen-Shin <godfat@godfat.org>	2017-05-05 12:53:44 +0000
committer	Lin Jen-Shin <godfat@godfat.org>	2017-05-05 12:53:44 +0000
commit	715cdc1afdf59cde4bd4a6183b81e2e19ef3ab78 (patch)
tree	8f1a63891c264447212c7b8fa2f0d50ece19dbe3 /CHANGELOG.md
parent	444df931e7a0a7101c9f16cc7a20ea11094335d7 (diff)
download	gitlab-ce-715cdc1afdf59cde4bd4a6183b81e2e19ef3ab78.tar.gz