Merge tag 'v0.9.4' into latest

author ArthurHoaro <arthur@hoa.ro>

Tue, 30 Jan 2018 18:15:30 +0000 (19:15 +0100)

committer ArthurHoaro <arthur@hoa.ro>

Tue, 30 Jan 2018 18:15:30 +0000 (19:15 +0100)
author ArthurHoaro <arthur@hoa.ro>
Tue, 30 Jan 2018 18:15:30 +0000 (19:15 +0100)
committer ArthurHoaro <arthur@hoa.ro>
Tue, 30 Jan 2018 18:15:30 +0000 (19:15 +0100)
diff --cc CHANGELOG.md

index 0a7b120c7edd76f60c2fe5a5524cd91776811d5b,aef32fcfea48f51ac66c282fa95d2c728361fabc..29e1fd6ecbb5115170874ef7c639c841cff4e77d
--- 1/CHANGELOG.md
--- 2/CHANGELOG.md
+++ b/CHANGELOG.md
@@@ -178,23 -209,14 +209,30 @@@ Theming
   ### Security
   - Markdown plugin: escape HTML entities by default
   
+ +## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
+ +### Security
+ +- Markdown plugin: escape HTML entities by default
+ +
+ +
+ +## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20
+ +
+ +### Fixed
+ +
+ +- PHP 7.1 compatibility: add ConfigManager parameter to anti-bruteforce function call in login template.
+ +
+ +## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15
+ +
+ +### Fixed
+ +
+ +- Editing a link created before the new ID system would change its permalink.
   
+ ## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04
+ **XSS vulnerability fixed. Please update.**
+ 
+ ## Security
+ - Fix an XSS (cross-site-scripting) vulnerability in `index.php` -
+   [CVE-2018-5249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5249)
+ 
   ## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
   ### Security
   - Markdown plugin: escape HTML entities by default
author	ArthurHoaro <arthur@hoa.ro>
	Tue, 30 Jan 2018 18:15:30 +0000 (19:15 +0100)
committer	ArthurHoaro <arthur@hoa.ro>
	Tue, 30 Jan 2018 18:15:30 +0000 (19:15 +0100)