Update CHANGELOG.md for 8.14.9

[ci skip]
author: Robert Speicher <rspeicher@gmail.com> 2017-02-14 16:48:40 -0500
committer: Robert Speicher <rspeicher@gmail.com> 2017-02-14 16:48:40 -0500
commit: f3535bbff66d410983d39ec51f75d08683407fbf (patch)
tree: 0307575062b5b18d42fced6f0763edac63233fe9 /CHANGELOG.md
parent: 0733b142ac705a53de4f80e1b8c4929d30012905 (diff)
download: gitlab-ce-f3535bbff66d410983d39ec51f75d08683407fbf.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f0492700c5..e524062a2eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -453,6 +453,13 @@ entry.
 - Whitelist next project names: help, ci, admin, search. !8227
 - Adds back CSS for progress-bars. !8237
 
+## 8.14.9 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
 ## 8.14.8 (2017-01-25)
 
 - Accept environment variables from the `pre-receive` script. !7967
author	Robert Speicher <rspeicher@gmail.com>	2017-02-14 16:48:40 -0500
committer	Robert Speicher <rspeicher@gmail.com>	2017-02-14 16:48:40 -0500
commit	f3535bbff66d410983d39ec51f75d08683407fbf (patch)
tree	0307575062b5b18d42fced6f0763edac63233fe9 /CHANGELOG.md
parent	0733b142ac705a53de4f80e1b8c4929d30012905 (diff)
download	gitlab-ce-f3535bbff66d410983d39ec51f75d08683407fbf.tar.gz