From 9b965ed5fa2d5861e480d0ada11cd7542ca8141e Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Tue, 6 Jun 2017 11:08:05 +1200
Subject: [PATCH] Add in missing changelog notes

---
 docs/en/04_Changelogs/3.6.0.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/en/04_Changelogs/3.6.0.md b/docs/en/04_Changelogs/3.6.0.md
index 7164b5cee..00a25fc36 100644
--- a/docs/en/04_Changelogs/3.6.0.md
+++ b/docs/en/04_Changelogs/3.6.0.md
@@ -4,6 +4,12 @@
 
 ## Change Log
 
+### Security
+
+ * 2017-05-24 [41270fc](https://github.com/silverstripe/silverstripe-cms/commit/41270fcf9980c4be2529d2750c717675548eb617) Only allow HTTP(S) links for external redirector pages (Daniel Hensby) - See [ss-2017-003](http://www.silverstripe.org/download/security-releases/ss-2017-003)
+ * 2017-05-09 [447ce0f](https://github.com/silverstripe/silverstripe-framework/commit/447ce0f84f880c2bc969a89e4be528c53caeabe0) Lock out users who dont exist in the DB (Daniel Hensby) - See [ss-2017-002](http://www.silverstripe.org/download/security-releases/ss-2017-002)
+ * 2017-05-09 [61cf72c](https://github.com/silverstripe/silverstripe-cms/commit/61cf72c08dafddef416d73f943ccd45e70c5d43d) Unescaped fields in CMSPageHistroyController::compare() (Daniel Hensby) - See [ss-2017-004](http://www.silverstripe.org/download/security-releases/ss-2017-004)
+
 ### API Changes
 
  * 2017-03-05 [f1b99b6](https://github.com/silverstripe/silverstripe-framework/commit/f1b99b6fa78f209ac493047f3ece55f7c9231efa) Enable theming of GroupedDropdownField (Damian Mooyman)