From b821ed6fc270151c6be15493f431641a196b756d Mon Sep 17 00:00:00 2001 From: DJ Mountney Date: Wed, 5 Apr 2017 17:31:18 -0700 Subject: [PATCH] Update CHANGELOG.md for 9.0.4 [ci skip] --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3e5475a2296..a10369c98a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 9.0.4 (2017-04-05) + +- Don’t show source project name when user does not have access. +- Remove the class attribute from the whitelist for HTML generated from Markdown. +- Fix path disclosure in project import/export. +- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status. +- Fix for open redirect vulnerabilities in todos, issues, and MR controllers. + ## 9.0.3 (2017-04-05) - Fix name colision when importing GitHub pull requests from forked repositories. !9719
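Review bot: The five entries added under "## 9.0.4 (2017-04-05)" carry no merge request reference, while the 9.0.3 entry in the trailing context ends with "!9719". Add the reference to each entry where one can be published, so a reader can trace an entry such as "Fix path disclosure in project import/export." to the change behind it. The wording is also uneven: two entries open with "Fix for open redirect ..." and one with "Fix path disclosure ...", and "Don’t" uses a typographic apostrophe. The imperative "Fix open redirect ..." and a plain ASCII apostrophe would keep the file consistent. Since the entries cover an access check on the source project name, the Markdown HTML whitelist, path disclosure and open redirects, consider saying in the section that these are security fixes, so operators reading the changelog can tell this patch release should be prioritised.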