Update CHANGELOG.md for 10.2.8

[ci skip]

Update CHANGELOG.md for 10.2.8
406299f4 · Robert Speicher · 83d49d1e · 406299f4 · 83d49d1e · 83d49d1e
Commit 406299f4 authored Feb 07, 2018 by Robert Speicher
5 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 10.2.8 (2018-02-07)
+
+### Security (4 changes)
+
+- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
+- Fix stored XSS in code blocks that ignore highlighting.
+- Fix wilcard protected tags protecting all branches.
+- Restrict Todo API mark_as_done endpoint to the user's todos only.
+
+
 ## 10.2.7 (2018-01-18)

 - No changes.

--- a/changelogs/unreleased/fix-gh-namespace-issue.yml
+++ b/changelogs/unreleased/fix-gh-namespace-issue.yml
---
-title: Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/fix-stored-xss-in-code-blocks.yml
+++ b/changelogs/unreleased/fix-stored-xss-in-code-blocks.yml
---
-title: Fix stored XSS in code blocks that ignore highlighting
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml
+++ b/changelogs/unreleased/mc-bug-38984-wildcard-protected-tags.yml
---
-title: Fix wilcard protected tags protecting all branches
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml
+++ b/changelogs/unreleased/security-10-4-todo-api-reveals-sensitive-information.yml
---
-title: Restrict Todo API mark_as_done endpoint to the user's todos only
-merge_request:
-author:
-type: security