[2.1.x] Added CVE-2019-12308 to the security release archive.

Backport of 21b1d239125f1228e579b1ce8d94d4d5feadd2a6 from master
author: Nick Pope <nick.pope@flightdataservices.com> 2019-06-03 20:17:39 +0100
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2019-06-03 21:46:58 +0200
commit: d58f8e4235001a1673bf62bfe3e397fc9bbb41b4 (patch)
tree: 2e374140eb9e774cff0a672c1073be488ebb76aa
parent: 8827e0994473225bbb1a8c6c26a07d06bbc94305 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index e318c62bf7..d26669d63a 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -948,3 +948,16 @@ Versions affected
 
 * Django 2.2 :commit:`(patch) <baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad>`
 * Django 2.1 :commit:`(patch) <95649bc08547a878cebfa1d019edec8cb1b80829>`
+
+June 3, 2019 - :cve:`2019-12308`
+--------------------------------
+
+XSS via "Current URL" link generated by ``AdminURLFieldWidget``. `Full
+description <https://www.djangoproject.com/weblog/2019/jun/03/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 2.2 :commit:`(patch) <afddabf8428ddc89a332f7a78d0d21eaf2b5a673>`
+* Django 2.1 :commit:`(patch) <09186a13d975de6d049f8b3e05484f66b01ece62>`
+* Django 1.11 :commit:`(patch) <c238701859a52d584f349cce15d56c8e8137c52b>`
author	Nick Pope <nick.pope@flightdataservices.com>	2019-06-03 20:17:39 +0100
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2019-06-03 21:46:58 +0200
commit	d58f8e4235001a1673bf62bfe3e397fc9bbb41b4 (patch)
tree	2e374140eb9e774cff0a672c1073be488ebb76aa
parent	8827e0994473225bbb1a8c6c26a07d06bbc94305 (diff)