Update changelog.

1 files changed, 85 insertions, 18 deletions

diff --git a/README.md b/README.md
index 44c745c9d..d6b71d7c0 100644
--- a/README.md
+++ b/README.md
@@ -51,39 +51,83 @@ web-based cross-browser testing tools for this project.
         - Stop map being underneath content sidebar/header. #1350 #361
         - Use Ajax/HTML5 history to pull in reports and improve map views.
           #1351 #1450 #1457 #1173
+        - Allow multiple states and categories to be filtered. #1547
+        - Invert area highlight on body pages. #1564
         - Allow users to change their own email. #360 #1440
+        - Improve change password form/success page. #1503
         - Allow scroll wheel to zoom map. #1326
         - Rename "Your reports" in main navigation to "Your account".
         - Centre map on pin location when creating a report.
         - Zoom into map after second click on marker.
         - Maintain single newlines in text output. #306
+        - JavaScript performance improvements. #1490 #1491
+        - Allow searching for reports with ref: prefix in postcode field. #1495
+        - Improve report form, with public, private, category sections. #1528
+        - Only show relevant bodies after category selection.
+        - Add update form name validation. #1493 #503 #1526
+        - Add CORS header to RSS output. #1540
+        - Switch MapQuest to HTTPS. #1505
+        - Better 403/404 pages.
     - Admin improvements:
         - Greatly improve report edit page, including map. #1347
+        - Improve category edit form, and display extra data. #1557 #1524
+        - Hide confirmed column on body page if all categories confirmed. #1565
         - Show any waiting reports on admin index page. #1382
-        - Allow user's phone number to be edited.
-        - And a report's category. #400
-        - /admin requires a logged-in user with the `is_superuser` flag. #1463
-        - `createsuperuser` command for creating superusers.
-        - Feature to create report as body/other user. #1473
+        - Allow user's phone number to be edited, and a report's category. #400
+        - New user system:
+            - /admin requires a user with the `is_superuser` flag. #1463
+            - `createsuperuser` command for creating superusers.
+            - Feature to create report as body/other user. #1473
+            - Add user permissions system. #1486
+            - Allow user to have an area assigned in admin. #1488
+            - Add inspector report detail view. #1470
+            - Add user shortlists. #1482
+            - Add response templates and priorities. #1500 #1517
+            - Add user reputation and trusted users. #1533
     - Bugfixes:
-        - Disallow empty name when creating/editing bodies in admin.
-        - Stop using collapse filter in category template.
+        - Front end:
+            - Fix photo preview display after submission. #1511
+            - Update list of TLDs for email checking. #1504
+            - Fix form validation issue with multiple IDs. #1513
+            - Don't show deleted bodies on /reports. #1545
+            - Stop using collapse filter in category template.
+            - Use default link zoom for all map types.
+            - Don't reload /reports or /my pages when filter updated.
+            - Don't show alert email box if signed in.
         - Do not send alerts for hidden reports. #1461
-        - Improve moderation display and email. #855
+        - Admin:
+            - Fix contact editing of Open311 categories. #1535
+            - Show 'Remove from site' button based on report. #1508
+            - Improve moderation display and email. #855
+            - Fix invalid SQL being generated by moderation lookup. #1489
+            - Disallow empty name when creating/editing bodies.
+            - Fix a crash on /admin/timeline.
     - Development improvements:
-        - make_css: Add output style option.
-        - make_css: Follow symlinks.
-        - Remove some unused CSS, and simplify full-width. #1423
-        - Tidy up/harden some Open311 handling. #1428
-        - Add config for Open311 request limit, default 1000. #1313
-        - Use static validation_rules.js file. #1451
-        - Remove need to customise OpenLayers built script. #1448
-        - Refactor and tidy all the JavaScript. #913
-        - Speed up tests by stubbing out calls to Gaze.
-        - Tests can run multiple times simultaneously. #1477
+        - CSS:
+            - make_css: Add output style option.
+            - make_css: Follow symlinks.
+            - Remove some unused CSS, and simplify full-width. #1423
+            - Add generic .form-control and .btn classes.
+        - Open311:
+            - Tidy up/harden some handling. #1428
+            - Add config for request limit, default 1000. #1313
+            - Automatically spot co-ord/ID attributes. #1499
+            - Make sure passed coordinate is decimal.
+        - JavaScript:
+            - Use static validation_rules.js file. #1451
+            - Remove need to customise OpenLayers built script. #1448
+            - Refactor and tidy all the JavaScript. #913
+            - Prefer using an auto.min.js file if present/newer. #1491
+        - Testing:
+            - Speed up tests by stubbing out calls to Gaze.
+            - Tests can run multiple times simultaneously. #1477
+            - run-tests with no arguments runs all tests.
         - Don’t cache geocoder results when STAGING_SITE is 1. #1447
         - Make UPLOAD_DIR/GEO_CACHE relative to project root. #1474
         - Change add_links from a function to a filter. #1487
+        - Optionally skip some cobrand restrictions. #1529
+        - Allow contact form recipient override and extra fields.
+        - Add server-side MapIt proxy.
     - Vagrant installation improvements:
         - Improve error handling.
         - Don't add a symlink if it is to the same place.
@@ -91,6 +135,11 @@ web-based cross-browser testing tools for this project.
         - Drop support for IE6. #1356
     - UK
         - Better handling of two-tier reports. #1381
+        - Allow limited admin access to body users on their own cobrands.
+        - Add Content-Security-Policy header.
+
+The Open311 adapter code has been moved to its own repository at
+<https://github.com/mysociety/open311-adapter>.
 
 * v1.8.4 (6th July 2016)
     - Security:
@@ -218,6 +267,15 @@ web-based cross-browser testing tools for this project.
         - Don't show app next step if used app. #1305
         - House Rules. #890 #1311
 
+* v1.7.2 (6th July 2016)
+    - Security:
+        - Fix XSS vulnerability in OpenGraph header and hide/all pins links.
+
+* v1.7.1 (3rd May 2016)
+    - Security:
+        - Fix vulnerability in image upload that allowed external
+          command execution.
+
 * v1.7 (23rd October 2015)
     - Front end improvements:
         - Add right-to-left design option. #1209
@@ -272,6 +330,15 @@ web-based cross-browser testing tools for this project.
         - Allow underscore in cobrand name/data. #1236
         - Add a development URL to see check email pages. #1211
 
+* v1.6.3 (6th July 2016)
+    - Security:
+        - Fix XSS vulnerability in OpenGraph header and hide/all pins links.
+
+* v1.6.2 (3rd May 2016)
+    - Security:
+        - Fix vulnerability in image upload that allowed external
+          command execution.
+
 * v1.6.1 (31st July 2015)
     - Bugfixes:
         - Fix bug introduced in last release when setting multiple areas