From e96b196110518bc02363af4ab457a50c882f48c1 Mon Sep 17 00:00:00 2001 From: Alessio Caiazza Date: Thu, 21 Jun 2018 17:35:40 +0200 Subject: Update CHANGELOG.md for 10.8.5 [ci skip] --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e21aa1f1154..09bac7a92aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -253,6 +253,17 @@ entry. - Workhorse to send raw diff and patch for commits. +## 10.8.5 (2018-06-21) + +### Security (5 changes) + +- Fix XSS vulnerability for table of content generation. +- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability. +- HTML escape branch name in project graphs page. +- HTML escape the name of the user in ProjectsHelper#link_to_member. +- Don't show events from internal projects for anonymous users in public feed. + + ## 10.8.4 (2018-06-06) - No changes. -- cgit v1.2.1
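Review bot: the five entries added under "### Security (5 changes)" in the new 10.8.5 section carry no merge request, issue or advisory reference, so someone triaging this upgrade cannot map an entry to the fix or to the report it closes. Consider adding a reference to each entry once disclosure allows it, and naming the upstream advisory in "Update sanitize gem to 4.6.5 to fix HTML injection vulnerability." Two smaller points in the same hunk: "table of content generation" should read "table of contents generation", and the section ends with two added blank lines before "## 10.8.4 (2018-06-06)", which is worth checking against the spacing between the other release sections in the file.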