Merge branch '18033-private-repo-mentions' into 'master'

Ensure logged-out users can't see private refs https://gitlab.com/gitlab-org/gitlab-ce/issues/18033 I'm still not sure what to do about the CHANGELOG on security issues - should I add to a patch release? This issue was assigned to 8.10. See merge request !1974 (cherry picked from commit 3a6ebb1fd624c216a4ce65380e64072793b7ccda)
author: Douwe Maan <douwe@gitlab.com> 2016-06-30 19:13:25 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2016-06-30 21:41:15 +0300
commit: 70fd0177692d1d67965f099d7814cb3bd95b6dd1 (patch)
tree: c915436e1646a0c497a577e19d70d8b680338223 /CHANGELOG
parent: ad421b3ac65d7bd0679ee37546011dc0b2601199 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 1e1a5ca9b12..761f423a88a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@ Please view this file on the master branch, on stable branches it's out of date.
 
 v 8.9.4
   - Fix privilege escalation issue with OAuth external users.
+  - Ensure references to private repos aren't shown to logged-out users.
 
 v 8.9.3
   - Fix encrypted data backwards compatibility after upgrading attr_encrypted gem. !4963
author	Douwe Maan <douwe@gitlab.com>	2016-06-30 19:13:25 +0300
committer	Robert Speicher <rspeicher@gmail.com>	2016-06-30 21:41:15 +0300
commit	70fd0177692d1d67965f099d7814cb3bd95b6dd1 (patch)
tree	c915436e1646a0c497a577e19d70d8b680338223 /CHANGELOG
parent	ad421b3ac65d7bd0679ee37546011dc0b2601199 (diff)