Add a `[SECURITY]` to the changelog and update CVE-2023-40577

Some users have been vocal about the security fix not visible enough in the changelog, it seems like prometheus uses [SECURITY] to disclose these and I think it's a good practice.

A copy of #3487 but for the release branch of 0.25

Signed-off-by: gotjosh <josue.abreu@gmail.com>
This commit is contained in:
gotjosh 2023-08-25 11:23:06 +01:00
parent c0a6992c21
commit a4e8574be7
No known key found for this signature in database
GPG Key ID: A6E1DDE38FF3C74E
1 changed files with 1 additions and 1 deletions

View File

@ -1,6 +1,6 @@
## 0.25.1 / 2023-08-23
* [BUGFIX] Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI.
* [SECURITY] Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI. CVE-2023-40577
## 0.25.0 / 2022-12-22