From 45b4105b8d6136d2a9ed98434e15c75dee8011a1 Mon Sep 17 00:00:00 2001
From: Dominik George <dominik.george@teckids.org>
Date: Sat, 4 Jun 2022 14:11:22 +0200
Subject: [PATCH] Amend changelog with CVE ID for CVE-2022-29773

---
 CHANGELOG.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index aed11ae35..e18696176 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -29,15 +29,15 @@ Fixed
 * The menu button used to be displayed twice on smaller screens.
 * The icons were loaded from external servers instead from local server.
 * Weekdays were not translated if system locales were missing
-  
+
   * Added locales-all to base image and note to docs
 
 * The icons in the account menu were still the old ones.
 * Due to a merge error, the once removed account menu in the sidenav appeared again.
 * Scheduled notifications were shown on dashboard before time.
 * Remove broken notifications menu item in favor of item next to account menu.
-* [OAuth2] Resources which are protected with client credentials 
-  allowed access if no scopes were allowed.
+* [OAuth2] Resources which are protected with client credentials
+  allowed access if no scopes were allowed (CVE-2022-29773).
 * The site logo could overlap with the menu for logos with an unexpected aspect ratio.
 * Some OAuth2 views stopped working with long scope names.
 * Resetting password was impossible due to a missing rule
-- 
GitLab