diff --git a/CHANGELOG.md b/CHANGELOG.md
index 71d38e5453d0eb95e09b3ff4fd752244571d0d81..cbaac0f69d3a1c7c2f0d500ea465cbd6c58c4da5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 8.16.5 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
 ## 8.16.4 (2017-02-02)
 
 - Support non-ASCII characters in GFM autocomplete. !8729
@@ -174,6 +181,13 @@ entry.
 - Add margin to markdown math blocks.
 - Add hover state to MR comment reply button.
 
+## 8.15.6 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
 ## 8.15.4 (2017-01-09)
 
 - Make successful pipeline emails off for watchers. !8176
@@ -437,6 +451,13 @@ entry.
 - Whitelist next project names: help, ci, admin, search. !8227
 - Adds back CSS for progress-bars. !8237
 
+## 8.14.9 (2017-02-14)
+
+- Patch Asciidocs rendering to block XSS.
+- Fix XSS vulnerability in SVG attachments.
+- Prevent the GitHub importer from assigning labels and comments to merge requests or issues belonging to other projects.
+- Patch XSS vulnerability in RDOC support.
+
 ## 8.14.8 (2017-01-25)
 
 - Accept environment variables from the `pre-receive` script. !7967
diff --git a/app/assets/stylesheets/pages/issuable.scss b/app/assets/stylesheets/pages/issuable.scss
index da5c44b5fdc3f140bf42615556d48dd074657306..a53cc27fac92de409d1c6d3b5e99a47bb341b487 100644
--- a/app/assets/stylesheets/pages/issuable.scss
+++ b/app/assets/stylesheets/pages/issuable.scss
@@ -193,7 +193,6 @@
   top: $header-height;
   bottom: 0;
   right: 0;
-  z-index: 8;
   transition: width .3s;
   background: $gray-light;
   padding: 10px 20px;
diff --git a/app/assets/stylesheets/pages/tree.scss b/app/assets/stylesheets/pages/tree.scss
index 8fafe4726218399be28b97b1b7b70b61b6f8af97..948921efc0ba07a4edb1b902981b6adfda9da953 100644
--- a/app/assets/stylesheets/pages/tree.scss
+++ b/app/assets/stylesheets/pages/tree.scss
@@ -171,6 +171,8 @@
 .tree-controls {
   float: right;
   margin-top: 11px;
+  position: relative;
+  z-index: 2;
 
   .project-action-button {
     margin-left: $btn-side-margin;
diff --git a/app/views/dashboard/_activity_head.html.haml b/app/views/dashboard/_activity_head.html.haml
index 02b94beee928a0e2c031f51cd6daff2597aa918d..68a46f61eb759cfeccf41e256f20eaf9aa87a28b 100644
--- a/app/views/dashboard/_activity_head.html.haml
+++ b/app/views/dashboard/_activity_head.html.haml
@@ -1,7 +1,8 @@
-%ul.nav-links
-  %li{ class: ("active" unless params[:filter]) }>
-    = link_to activity_dashboard_path, class: 'shortcuts-activity', data: {placement: 'right'} do
-      Your Projects
-  %li{ class: ("active" if params[:filter] == 'starred') }>
-    = link_to activity_dashboard_path(filter: 'starred'), data: {placement: 'right'} do
-      Starred Projects
+.top-area
+  %ul.nav-links
+    %li{ class: ("active" unless params[:filter]) }>
+      = link_to activity_dashboard_path, class: 'shortcuts-activity', data: {placement: 'right'} do
+        Your Projects
+    %li{ class: ("active" if params[:filter] == 'starred') }>
+      = link_to activity_dashboard_path(filter: 'starred'), data: {placement: 'right'} do
+        Starred Projects
diff --git a/changelogs/unreleased/27631-fix-small-height-of-activity-header-page.yml b/changelogs/unreleased/27631-fix-small-height-of-activity-header-page.yml
new file mode 100644
index 0000000000000000000000000000000000000000..59da28964f709f0092e454e48d8fbd3b4d986544
--- /dev/null
+++ b/changelogs/unreleased/27631-fix-small-height-of-activity-header-page.yml
@@ -0,0 +1,4 @@
+---
+title: "Fix small height of activity header page"
+merge_request: 8952
+author: Pavel Sorokin
diff --git a/changelogs/unreleased/28142-overlap-bugs.yml b/changelogs/unreleased/28142-overlap-bugs.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9fdabdf204af6f4b318dc2fe7483fd815d1ac5f3
--- /dev/null
+++ b/changelogs/unreleased/28142-overlap-bugs.yml
@@ -0,0 +1,4 @@
+---
+title: Fix z index issues with sidebar
+merge_request:
+author:
diff --git a/lib/gitlab/sidekiq_status/client_middleware.rb b/lib/gitlab/sidekiq_status/client_middleware.rb
index 779a9998b224024220a5881d7197cce0dee83f9c..d47609f490d347e6af5e269c6ec3549388e4444f 100644
--- a/lib/gitlab/sidekiq_status/client_middleware.rb
+++ b/lib/gitlab/sidekiq_status/client_middleware.rb
@@ -2,7 +2,7 @@ module Gitlab
   module SidekiqStatus
     class ClientMiddleware
       def call(_, job, _, _)
-        SidekiqStatus.set(job['jid'])
+        Gitlab::SidekiqStatus.set(job['jid'])
         yield
       end
     end
diff --git a/lib/gitlab/sidekiq_status/server_middleware.rb b/lib/gitlab/sidekiq_status/server_middleware.rb
index 31dfa46ff9da75f500dfb89f02678d761a0fa01a..ceab10b830177f2a4b983278084f0d97a50685f8 100644
--- a/lib/gitlab/sidekiq_status/server_middleware.rb
+++ b/lib/gitlab/sidekiq_status/server_middleware.rb
@@ -4,7 +4,7 @@ module Gitlab
       def call(worker, job, queue)
         ret = yield
 
-        SidekiqStatus.unset(job['jid'])
+        Gitlab::SidekiqStatus.unset(job['jid'])
 
         ret
       end