author | DJ Mountney <david@twkie.net> | 2017-04-05 17:57:31 -0700 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2017-04-05 17:57:31 -0700 |
commit | 11b350ee000beda8fc45b312822a309a2df8c088 (patch) | |
tree | b1c8c25c5dd8a3106a12e15608298bed34db4cf6 /CHANGELOG.md | |
parent | b821ed6fc270151c6be15493f431641a196b756d (diff) | |
download | gitlab-ce-11b350ee000beda8fc45b312822a309a2df8c088.tar.gz |
Update CHANGELOG.md for 8.17.5
[ci skip]
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index a10369c98a6..f8484471236 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -328,6 +328,14 @@ entry. - Change development tanuki favicon colors to match logo color order. - API issues - support filtering by iids. +## 8.17.5 (2017-04-05) + +- Don’t show source project name when user does not have access. +- Remove the class attribute from the whitelist for HTML generated from Markdown. +- Fix path disclosure in project import/export. +- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. +- Fix for open redirect vulnerabilities in todos, issues, and MR controllers. + ## 8.17.4 (2017-03-19) - Only show public emails in atom feeds. |
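Review bot: The two open redirect entries in the new 8.17.5 section are worded "Fix for open redirect ..." while the entry just above them uses the imperative "Fix path disclosure ..."; word all three the same way ("Fix open redirect vulnerability ...") so the section reads consistently with the neighbouring entries. The first added entry also uses a typographic apostrophe ("Don’t"), which a plain-text search for "Don't" will not match; an ASCII apostrophe is safer in a file people grep. The last entry names the affected controllers (todos, issues, MR) but not the parameter involved, unlike the import status entry, which names continue[to]; if the same parameter is at fault, saying so would help administrators decide how urgently to upgrade.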