author Robert Speicher <rspeicher@gmail.com> 2016-04-26 17:57:49 -0400
committer Robert Speicher <rspeicher@gmail.com> 2016-04-26 17:57:49 -0400
commit 86f56441ae2c4fc806151432cffd3ec04e31d57a (patch)
tree 0e57c04964a1bd615242f43a970743033dece39f
parent 13a4f9fc58ca24679b1bcedbfcab701f59c7f2b3 (diff)
Update CHANGELOG for 8.6.8
[ci skip]
-rw-r--r-- CHANGELOG 11
1 files changed, 6 insertions, 5 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 037cede0e57..07494cbf26e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,15 +1,16 @@
Please view this file on the master branch, on stable branches it's out of date.
v 8.6.8
- - Fix a window.opener bug that could lead to XSS and open redirects
+ - Prevent privilege escalation via "impersonate" feature
+ - Prevent privilege escalation via notes API
+ - Prevent privilege escalation via project webhook API
- Prevent XSS via Git branch and tag names
- Prevent XSS via custom issue tracker URL
- - Fix vulnerability that leaks private labels and milestones
- - Prevent XSS with in label dropdown
- - Prevent privilege escalation via "impersonate" feature
- - Prevent users from deleting Webhooks via API they do not own
+ - Prevent XSS via `window.opener`
+ - Prevent XSS via label drop-down
- Prevent information disclosure via milestone API
- Prevent information disclosure via snippet API
+ - Prevent information disclosure via project labels
- Prevent information disclosure via new merge request page
v 8.6.7
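Review bot: The reworded entry "Prevent XSS via `window.opener`" drops the open-redirect impact that the removed line "Fix a window.opener bug that could lead to XSS and open redirects" stated, so anyone triaging the 8.6.8 upgrade from this list no longer sees that the fix covers it. If that part of the fix still ships in 8.6.8, consider "Prevent XSS and open redirects via `window.opener`". The same loss of detail applies to the webhook entry, where "Prevent users from deleting Webhooks via API they do not own" becomes "Prevent privilege escalation via project webhook API" and no longer says which action was affected. As a style point, this is the only entry that uses backticks, while the impersonate entry uses double quotes; pick one convention for identifiers within the 8.6.8 block.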