From 097f16282d492b27973bc25b0bde6b2d20904343 Mon Sep 17 00:00:00 2001 From: Robbie Averill Date: Thu, 10 May 2018 15:57:07 +1200 Subject: [PATCH] Added 3.6.6-rc1 changelog --- docs/en/04_Changelogs/rc/3.6.6-rc1.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 docs/en/04_Changelogs/rc/3.6.6-rc1.md diff --git a/docs/en/04_Changelogs/rc/3.6.6-rc1.md b/docs/en/04_Changelogs/rc/3.6.6-rc1.md new file mode 100644 index 000000000..2d4bf0b66 --- /dev/null +++ b/docs/en/04_Changelogs/rc/3.6.6-rc1.md @@ -0,0 +1,16 @@ +# 3.6.6-rc1 + +This security release removes the following file extensions from the default whitelist of accepted types for +uploaded files: `dotm`, `potm`, `jar`, `css`, `js` and `xltm`. + +If you require the ability to upload these file types in your projects, you will need to add them back in again. +For more information, see ["Limit the allowed file types"](https://docs.silverstripe.org/en/3/developer_guides/forms/field_types/uploadfield/#limit-the-allowed-filetypes). + + + +## Change Log + +### Security + + * 2018-05-08 [19fdebfa2]() Remove dotm, potm, jar, css, js, xltm from default File.allowed_extensions (Robbie Averill) - See [ss-2018-014](http://www.silverstripe.org/download/security-releases/ss-2018-014) + * 2018-04-11 [577138882]() Restrict non-admins from being assigned to admin groups (Damian Mooyman) - See [ss-2018-001](http://www.silverstripe.org/download/security-releases/ss-2018-001)
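Review bot: The introductory paragraph of the new 3.6.6-rc1.md covers only the upload whitelist change, yet the Security list at the end of the file also carries the ss-2018-001 entry ("Restrict non-admins from being assigned to admin groups"). Someone reading just the summary would miss that this release also changes who can be assigned to admin groups, so I would add a sentence on it to the intro. The "add them back in again" sentence could also name `File.allowed_extensions`, which currently appears only in the change log entry, so readers know which setting to change without following the link. Two smaller points on the same list: both commit links, `[19fdebfa2]()` and `[577138882]()`, have empty targets and will render as dead links, and the two advisory URLs use `http://` while the docs link above them uses `https://`.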