Update CHANGELOG.md for 9.1.3

[ci skip]
author: Lin Jen-Shin <godfat@godfat.org> 2017-05-05 13:09:54 +0300
committer: Lin Jen-Shin <godfat@godfat.org> 2017-05-05 13:09:54 +0300
commit: f1f883501aa0035bbc744c7485a9517cb4561893 (patch)
tree: 86e1550d40401d2dfdecd2e9072072899a2357eb /CHANGELOG.md
parent: 3aeae2c7fa22630edc8f1f29bbbdf0f7bb40e15e (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2686d778b09..188aa73d16a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 9.1.3 (2017-05-05)
+
+- Enforce project features when searching blobs and wikis.
+- Fixed branches dropdown rendering branch names as HTML.
+- Make Asciidoc & other markup go through pipeline to prevent XSS.
+- Validate URLs in markdown using URI to detect the host correctly.
+- Fix for XSS in project import view caused by Hamlit filter usage.
+- Sanitize submodule URLs before linking to them in the file tree view.
+- Refactor snippets finder & dont return internal snippets for external users.
+- Fix snippets visibility for show action - external users can not see internal snippets.
+
 ## 9.1.2 (2017-05-01)
 
 - Add index on ci_runners.contacted_at. !10876 (blackst0ne)
author	Lin Jen-Shin <godfat@godfat.org>	2017-05-05 13:09:54 +0300
committer	Lin Jen-Shin <godfat@godfat.org>	2017-05-05 13:09:54 +0300
commit	f1f883501aa0035bbc744c7485a9517cb4561893 (patch)
tree	86e1550d40401d2dfdecd2e9072072899a2357eb /CHANGELOG.md
parent	3aeae2c7fa22630edc8f1f29bbbdf0f7bb40e15e (diff)