+### Added
+- Allow bulk link deletion
+- Display subtags in the tag cloud
+- Add an endpoint to refresh the token
+- Add a token on every page
+- Add a tag list view for management
+- Add Note bookmarklet
+- Add creation date when editing a link
+
+### Changed
+- Documentation:
+ - Generate static HTML documentation with [mkdocs](http://www.mkdocs.org/)
+ - Host documentation on [ReadTheDocs](http://www.mkdocs.org/)
+ - Update documentation structure
+ - Update Makefile targets to:
+ - Build the docs locally
+ - Include the generated docs in the release archives
+- Theme:
+ - Use the new theme as the default
+ - Rename the tag cloud template to `tag.cloud.html`
+ - Display visited links in grey
+ - Use only one search form in `linklist.html`
+ - Hide the "search links with these tags" option when an empty `searchtags` is passed to `tag.list.html`
+- Improve HTTP header handling when hosting Shaarli with Docker behind a reverse proxy
+- Searching for tags with an empty value returns untagged links only
+- Set Travis environment to `precise` until the new `trusty` environment is ready
+
+### Removed
+- Remove dead Pubsubhubbub code
+- Disable the GitHub wiki (see changed/documentation)
+- Remove Docker `dev` image and resources
+- Theme:
+ - Remove the bottom "Sort by" menu in `tag.list.html`
+
+### Fixed
+- Fix file existence check for `user.css`
+- Limit selection to 2k characters when using the bookmarklet
+- Fix JS error `uncaught type error`
+- Fix Firefox Social button
+- Use pinned PHP dependencies when generating release archives
+- Make sure that the tag exists before altering/removing it
+
+### Security
+- Add a whitelist for protocols for URLs
+
+
+## [v0.9.0](https://github.com/shaarli/Shaarli/releases/tag/v0.9.0) - 2017-05-07
+
+This release introduces the REST API, and requires updating HTTP server
+configuration to enable URL rewriting, see:
+- https://shaarli.github.io/api-documentation/
+- https://shaarli.readthedocs.io/en/master/Server-configuration/
+
+**WARNING**: Shaarli now requires PHP 5.5+.
+
+### Added
+- REST API v1
+ - [Slim](https://www.slimframework.com/) framework
+ - [JSON Web Token](https://jwt.io/introduction/) (JWT) authentication
+ - versioned API endpoints:
+ - `/api/v1/info`: get general information on the Shaarli instance
+ - `/api/v1/links`: get a list of shaared links
+ - `/api/v1/history`: get a list of latest actions
+Theming:
+ - Introduce a new theme
+ - Allow selecting themes/templates from the configuration page
+ - New/Edit link form can be submitted using CTRL+Enter in the textarea
+ - Shaarli version is displayed in the footer when logged in
+- Add plugin placeholders to Atom/RSS feed templates
+- Add OpenSearch to feed templates
+- Add `campaign_` to the URL cleanup pattern list
+- Add an AUTHORS file and Makefile target to list authors from Git commit data
+- Link imports are now logged in `data/` folder, and can be debug using `dev.debug=true` setting.
+- `composer.lock` is now included in git file to allow proper `composer install`
+- History mechanism which logs link addition/modification/deletion
+
+### Changed
+- Docker: enable nginx URL rewriting for the REST API
+- Theming:
+ - Move `user.css` to the `data` folder
+ - Move default template files to a subfolder (`default`)
+ - Rename the legacy theme to `vintage`
+ - Private only filter is now displayed as a search parameter
+ - Autocomplete: pre-select the first element
+ - Display daily date in the page title (browser title)
+ - Timezone lists are now passed as an array instead of raw HTML
+- Move PubSubHub to a dedicated plugin
+- Coding style:
+ - explicit method visibility
+ - safe boolean comparisons
+ - remove unused variables
+- The updater now keeps custom theme preferences
+- Simplify the COPYING information
+- Improved client locale detection
+- Improved date time display depending on the locale
+- Partial namespace support for Shaarli classes
+- Shaarli version is now only present in `shaarli_version.php`
+- Human readable maximum file size upload
+
+
+### Removed
+- PHP < 5.5 compatibility
+- ReadItYourself plugin
+
+### Fixed
+- Ignore generated release tarballs
+- Hide default port when behind a reverse proxy
+- Fix a typo in the Markdown plugin description
+- Fix the presence of empty tags for private tags and in search results
+- Fix a fatal error during the install
+- Fix permalink image alignment in daily page
+- Fix the delete button in `editlink`
+- Fix redirection after link deletion
+- Do not access LinkDB links by ID before the Updater applies migrations
+- Remove extra spaces in the bookmarklet's name
+- Piwik plugin: Piwik URL protocol can now be set (http or https)
+- All inline JS has been moved to dedicated JS files
+- Keep tags after login redirection
+
+### Security
+- Markdown plugin: escape HTML entities by default
+
+
+## [v0.8.7](https://github.com/shaarli/Shaarli/releases/tag/v0.8.7) - 2018-06-20
+### Changed
+- Build the Docker image from the local Git sources
+
+### Removed
+- Disable PHP 5.3 Travis build (unsupported)
+
+
+## [v0.8.6](https://github.com/shaarli/Shaarli/releases/tag/v0.8.6) - 2018-02-19
+### Changed
+- Run version check tests against the 'stable' branch
+
+
+## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04
+**XSS vulnerability fixed. Please update.**
+
+## Security
+- Fix an XSS (cross-site-scripting) vulnerability in `index.php` -
+ [CVE-2018-5249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5249)
+
+## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
+### Security
+- Markdown plugin: escape HTML entities by default
+
+## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20
+### Fixed
+- PHP 7.1 compatibility: add ConfigManager parameter to anti-bruteforce function call in login template.
+
+## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15
+### Fixed
+
+- Editing a link created before the new ID system would change its permalink.
+
+## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12
+
+> Note: this version will create an automatic backup of your database if anything goes wrong.