diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11998bb2bb2987ac66c2c3513d0b196df81d71b8..9ad603fdc75b31d9f4ed9c7291d7ba256055da73 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -435,6 +435,16 @@ entry.
 - Clean up schema of the "merge_requests" table.
 
 
+## 10.2.8 (2018-02-07)
+
+### Security (4 changes)
+
+- Fix namespace access issue for GitHub, BitBucket, and GitLab.com project importers.
+- Fix stored XSS in code blocks that ignore highlighting.
+- Fix wilcard protected tags protecting all branches.
+- Restrict Todo API mark_as_done endpoint to the user's todos only.
+
+
 ## 10.2.7 (2018-01-18)
 
 - No changes.