Added CVE-2019-12308 to the security release archive.

author: Nick Pope <nick.pope@flightdataservices.com> 2019-06-03 20:17:39 +0100
committer: Carlton Gibson <carlton@noumenal.es> 2019-06-03 21:44:55 +0200
commit: 21b1d239125f1228e579b1ce8d94d4d5feadd2a6 (patch)
tree: ef6f80b94f87398365f1bf3ec51faa8dce997108 /docs/releases/security.txt
parent: 8fb0ea55830321852a4a051a478f78e24d4f6889 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/releases/security.txt b/docs/releases/security.txt
index e318c62bf7..d26669d63a 100644
--- a/docs/releases/security.txt
+++ b/docs/releases/security.txt
@@ -948,3 +948,16 @@ Versions affected
 
 * Django 2.2 :commit:`(patch) <baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad>`
 * Django 2.1 :commit:`(patch) <95649bc08547a878cebfa1d019edec8cb1b80829>`
+
+June 3, 2019 - :cve:`2019-12308`
+--------------------------------
+
+XSS via "Current URL" link generated by ``AdminURLFieldWidget``. `Full
+description <https://www.djangoproject.com/weblog/2019/jun/03/security-releases/>`__
+
+Versions affected
+~~~~~~~~~~~~~~~~~
+
+* Django 2.2 :commit:`(patch) <afddabf8428ddc89a332f7a78d0d21eaf2b5a673>`
+* Django 2.1 :commit:`(patch) <09186a13d975de6d049f8b3e05484f66b01ece62>`
+* Django 1.11 :commit:`(patch) <c238701859a52d584f349cce15d56c8e8137c52b>`
author	Nick Pope <nick.pope@flightdataservices.com>	2019-06-03 20:17:39 +0100
committer	Carlton Gibson <carlton@noumenal.es>	2019-06-03 21:44:55 +0200
commit	21b1d239125f1228e579b1ce8d94d4d5feadd2a6 (patch)
tree	ef6f80b94f87398365f1bf3ec51faa8dce997108 /docs/releases/security.txt
parent	8fb0ea55830321852a4a051a478f78e24d4f6889 (diff)