Update CHANGELOG.md for 10.7.6

[ci skip]

CHANGELOG.md

@@ -482,6 +482,22 @@ entry.
 - Gitaly handles repository forks by default.
 
 
+## 10.7.6 (2018-06-21)
+
+### Security (6 changes)
+
+- Fix XSS vulnerability for table of content generation.
+- Update sanitize gem to 4.6.5 to fix HTML injection vulnerability.
+- HTML escape branch name in project graphs page.
+- HTML escape the name of the user in ProjectsHelper#link_to_member.
+- Don't show events from internal projects for anonymous users in public feed.
+- XSS fix to use safe_params instead of params in url_for helpers.
+
+### Other (1 change)
+
+- Replacing gollum libraries for gitlab custom libs. !18343
+
+
 ## 10.7.5 (2018-05-28)
 
 ### Security (3 changes)