Update changelog

(cherry picked from commit 66fc3a30dd710712fa5b6d9dc2f6fa92689be021)
author: Florian Bruhin <git@the-compiler.org> 2018-06-21 23:30:27 +0200
committer: Florian Bruhin <git@the-compiler.org> 2018-06-21 23:30:38 +0200
commit: c88a94f1cc380c4e82dd0d1b18eb7411c7a0b892 (patch)
tree: b8b01aed78e2a6fdcf578b9b765116c68c19d353
parent: 13332cd2cf1c0d23461ae4772086757ce62c0545 (diff)
download: qutebrowser-c88a94f1cc380c4e82dd0d1b18eb7411c7a0b892.tar.gz
qutebrowser-c88a94f1cc380c4e82dd0d1b18eb7411c7a0b892.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index 3ea80be50..ba1162bb3 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -24,7 +24,8 @@ Security
 - An XSS vulnerability on the `qute://history` page allowed websites to inject
   HTML into the page via a crafted title tag. This could allow them to steal
   your browsing history. If you're currently unable to upgrade, avoid using
-  `:history`.
+  `:history`. A CVE request for this issue is pending, see
+  https://github.com/qutebrowser/qutebrowser/issues/4011[#4011] for updates.
 
 Fixed
 ~~~~~
author	Florian Bruhin <git@the-compiler.org>	2018-06-21 23:30:27 +0200
committer	Florian Bruhin <git@the-compiler.org>	2018-06-21 23:30:38 +0200
commit	c88a94f1cc380c4e82dd0d1b18eb7411c7a0b892 (patch)
tree	b8b01aed78e2a6fdcf578b9b765116c68c19d353
parent	13332cd2cf1c0d23461ae4772086757ce62c0545 (diff)
download	qutebrowser-c88a94f1cc380c4e82dd0d1b18eb7411c7a0b892.tar.gz qutebrowser-c88a94f1cc380c4e82dd0d1b18eb7411c7a0b892.zip