Update CHANGELOG.md for 9.0.7

[ci skip]
author: Lin Jen-Shin <godfat@godfat.org> 2017-05-05 10:16:44 +0000
committer: Lin Jen-Shin <godfat@godfat.org> 2017-05-05 10:16:44 +0000
commit: 4f72e7c60268e8189d380754b7615fc399da568e (patch)
tree: 2b60ed6f8c2ecb338075d8db1e89661bb9f00819 /CHANGELOG.md
parent: 6fbc96bf0e6b5b462970a0946fa6ff07599afdbf (diff)
download: gitlab-ce-4f72e7c60268e8189d380754b7615fc399da568e.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 113af7184c7..406507aede0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,18 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 9.0.7 (2017-05-05)
+
+- Enforce project features when searching blobs and wikis.
+- Fixed branches dropdown rendering branch names as HTML.
+- Make Asciidoc & other markup go through pipeline to prevent XSS.
+- Validate URLs in markdown using URI to detect the host correctly.
+- Fix for XSS in project import view caused by Hamlit filter usage.
+- Sanitize submodule URLs before linking to them in the file tree view.
+- Refactor snippets finder & dont return internal snippets for external users.
+- Fix snippets visibility for show action - external users can not see internal snippets.
+- Do not show private groups on subgroups page if user doesn't have access to.
+
 ## 9.0.6 (2017-04-21)
 
 - Bugfix: POST /projects/:id/hooks and PUT /projects/:id/hook/:hook_id no longer ignore the the job_events param in the V4 API. !10586
author	Lin Jen-Shin <godfat@godfat.org>	2017-05-05 10:16:44 +0000
committer	Lin Jen-Shin <godfat@godfat.org>	2017-05-05 10:16:44 +0000
commit	4f72e7c60268e8189d380754b7615fc399da568e (patch)
tree	2b60ed6f8c2ecb338075d8db1e89661bb9f00819 /CHANGELOG.md
parent	6fbc96bf0e6b5b462970a0946fa6ff07599afdbf (diff)
download	gitlab-ce-4f72e7c60268e8189d380754b7615fc399da568e.tar.gz