Update CHANGELOG.md for 10.3.7

[ci skip]
2018-02-05 13:47:45 +00:00 · 2018-02-05 13:47:45 +00:00 · a674e131ee
parent 00b28eed84
commit a674e131ee
1 changed files with 10 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -207,6 +207,16 @@ entry.
 - Use a background migration for issues.closed_at.


+## 10.3.7 (2018-02-05)
+
+### Security (4 changes)
+
+- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
+- Fix stored XSS in code blocks that ignore highlighting.
+- Fix wilcard protected tags protecting all branches.
+- Restrict Todo API mark_as_done endpoint to the user's todos only.
+
+
 ## 10.3.6 (2018-01-22)

 ### Fixed (17 changes, 2 of them are from the community)