Update CHANGELOG.md for 8.16.9

CHANGELOG.md

@@ -2,6 +2,14 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 8.16.9 (2017-04-05)
+
+- Don’t show source project name when user does not have access.
+- Remove the class attribute from the whitelist for HTML generated from Markdown.
+- Fix path disclosure in project import/export.
+- Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
+- Fix for open redirect vulnerabilities in todos, issues, and MR controllers.
+
 ## 8.16.8 (2017-03-19)
 
 - Only show public emails in atom feeds.

changelogs/unreleased/29364-private-projects-mr-fix.yml

----
-title: Don’t show source project name when user does not have access
-merge_request:
-author:

changelogs/unreleased/30125-markdown-security.yml

----
-title: Remove the class attribute from the whitelist for HTML generated from Markdown.
-merge_request:
-author:

changelogs/unreleased/file-import-export-path-disclosure.yml

----
-title: Fix path disclosure in project import/export
-merge_request: 
-author:
-

changelogs/unreleased/open-redirect-continue-params.yml

----
-title: Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
-merge_request: 
-author:

changelogs/unreleased/open-redirect-host-field.yml

----
-title: Fix for open redirect vulnerabilities in todos, issues, and MR controllers.
-merge_request: 
-author: