From 715cdc1afdf59cde4bd4a6183b81e2e19ef3ab78 Mon Sep 17 00:00:00 2001 From: Lin Jen-Shin Date: Fri, 5 May 2017 12:53:44 +0000 Subject: Update CHANGELOG.md for 8.17.6 [ci skip] --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'CHANGELOG.md') diff --git a/CHANGELOG.md b/CHANGELOG.md index e05b025ce2d..c9de0113e24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -643,6 +643,17 @@ entry. - Change development tanuki favicon colors to match logo color order. - API issues - support filtering by iids. +## 8.17.6 (2017-05-05) + +- Enforce project features when searching blobs and wikis. +- Fixed branches dropdown rendering branch names as HTML. +- Make Asciidoc & other markup go through pipeline to prevent XSS. +- Validate URLs in markdown using URI to detect the host correctly. +- Fix for XSS in project import view caused by Hamlit filter usage. +- Sanitize submodule URLs before linking to them in the file tree view. +- Refactor snippets finder & dont return internal snippets for external users. +- Fix snippets visibility for show action - external users can not see internal snippets. + ## 8.17.5 (2017-04-05) - Don’t show source project name when user does not have access. -- cgit v1.2.3
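Review bot: In the added 8.17.6 section, none of the eight entries is marked as a security fix, although several describe one: the two XSS entries, the branches dropdown rendering names as HTML, the submodule URL sanitization, and the two snippet entries about external users seeing internal snippets. Consider flagging those entries or opening the section with a line saying this is a security release, so administrators scanning the changelog can prioritize the upgrade. Two wording points in the same block: "dont" in the snippets finder entry is missing its apostrophe (the unchanged 8.17.5 context line below writes "Don’t"), and "can not" in the last entry reads better as "cannot". The two snippet entries also overlap and could be merged into one line.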