Update CHANGELOG.md for 10.1.6

[ci skip]
2018-01-11 14:23:43 -02:00 · 2018-01-11 14:23:43 -02:00 · 47b0469028
parent 16855c8b9f
commit 47b0469028
1 changed files with 14 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -474,6 +474,20 @@ entry.
 - Add Gitaly metrics to the performance bar.


+## 10.1.6 (2018-01-11)
+
+### Security (8 changes, 1 of them is from the community)
+
+- Fix writable shared deploy keys.
+- Filter out sensitive fields from the project services API. (Robert Schilling)
+- Fix RCE via project import mechanism.
+- Prevent OAuth login POST requests when a provider has been disabled.
+- Prevent a SQL injection in the MilestonesFinder.
+- Check user authorization for source and target projects when creating a merge request.
+- Fix path traversal in gitlab-ci.yml cache:key.
+- Fix XSS vulnerability in pipeline job trace.
+
+
 ## 10.1.5 (2017-12-07)

 ### Security (5 changes)