Update CHANGELOG.md for 10.6.6

[ci skip]

Update CHANGELOG.md for 10.6.6
f0ceff39 · Filipa Lacerda · d728ea8e · f0ceff39 · d728ea8e · d728ea8e
Commit f0ceff39 authored May 28, 2018 by Filipa Lacerda
5 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,16 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.

+## 10.6.6 (2018-05-28)
+
+### Security (4 changes)
+
+- Do not allow non-members to create MRs via forked projects when MRs are private.
+- Prevent user passwords from being changed without providing the previous password.
+- Fix API to remove deploy key from project instead of deleting it entirely.
+- Fixed bug that allowed importing arbitrary project attributes.
+
+
 ## 10.6.5 (2018-04-24)

 ### Security (1 change)

--- a/changelogs/unreleased/42682-merge-request-project-members-access.yml
+++ b/changelogs/unreleased/42682-merge-request-project-members-access.yml
---
-title: Do not allow non-members to create MRs via forked projects when MRs are private
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-10-6-users-can-update-their-password-without-entering-current-password.yml
+++ b/changelogs/unreleased/security-10-6-users-can-update-their-password-without-entering-current-password.yml
---
-title: Prevent user passwords from being changed without providing the previous password
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-dm-delete-deploy-key.yml
+++ b/changelogs/unreleased/security-dm-delete-deploy-key.yml
---
-title: Fix API to remove deploy key from project instead of deleting it entirely
-merge_request:
-author:
-type: security
--- a/changelogs/unreleased/security-fj-import-export-assignment.yml
+++ b/changelogs/unreleased/security-fj-import-export-assignment.yml
---
-title: Fixed bug that allowed importing arbitrary project attributes
-merge_request:
-author:
-type: security