6 files changed, 11 insertions, 25 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 487ee3f2b93..3d34ce51641 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 10.8.5 (2018-06-21)
+
+### Security (5 changes)
+
+- Fix XSS vulnerability for table of content generation.
+- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
+- HTML escape branch name in project graphs page.
+- HTML escape the name of the user in ProjectsHelper#link_to_member.
+- Don't show events from internal projects for anonymous users in public feed.
+
+
 ## 10.8.4 (2018-06-06)
 
 - No changes.
diff --git a/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml b/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml
deleted file mode 100644
index f595678c3c2..00000000000
--- a/changelogs/unreleased/security-2682-fix-xss-for-markdown-toc.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix XSS vulnerability for table of content generation
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml b/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml
deleted file mode 100644
index bec1033425d..00000000000
--- a/changelogs/unreleased/security-fj-bumping-sanitize-gem.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update sanitize gem to 4.6.5 to fix HTML injection vulnerability
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-html_escape_branch_name.yml b/changelogs/unreleased/security-html_escape_branch_name.yml
deleted file mode 100644
index 02d1065348f..00000000000
--- a/changelogs/unreleased/security-html_escape_branch_name.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: HTML escape branch name in project graphs page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-html_escape_usernames.yml b/changelogs/unreleased/security-html_escape_usernames.yml
deleted file mode 100644
index 7e69e4ae266..00000000000
--- a/changelogs/unreleased/security-html_escape_usernames.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: HTML escape the name of the user in ProjectsHelper#link_to_member
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml b/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml
deleted file mode 100644
index ff78c162dff..00000000000
--- a/changelogs/unreleased/security-rd-do-not-show-internal-info-in-public-feed.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Don't show events from internal projects for anonymous users in public feed
-merge_request:
-author:
-type: security