Update CHANGELOG.md for 9.0.4

[ci skip]
This commit is contained in:
DJ Mountney 2017-04-05 17:31:18 -07:00
parent 4e3de96ed0
commit b821ed6fc2

View file

@ -2,6 +2,14 @@
documentation](doc/development/changelog.md) for instructions on adding your own documentation](doc/development/changelog.md) for instructions on adding your own
entry. entry.
## 9.0.4 (2017-04-05)
- Dont show source project name when user does not have access.
- Remove the class attribute from the whitelist for HTML generated from Markdown.
- Fix path disclosure in project import/export.
- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
- Fix for open redirect vulnerabilities in todos, issues, and MR controllers.
## 9.0.3 (2017-04-05) ## 9.0.3 (2017-04-05)
- Fix name colision when importing GitHub pull requests from forked repositories. !9719 - Fix name colision when importing GitHub pull requests from forked repositories. !9719