Merge branch 'cve-2022-25647' into 'master'

Amend changelog with CVE ID for CVE-2022-25647 See merge request !1041

Merge branch 'cve-2022-25647' into 'master'
7b69c91b · Nik | Klampfradler · 8ebf13f3 · 45b4105b · 7b69c91b
Commit 7b69c91b authored 2 years ago by Nik | Klampfradler
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -29,15 +29,15 @@ Fixed
 * The menu button used to be displayed twice on smaller screens.
 * The icons were loaded from external servers instead from local server.
 * Weekdays were not translated if system locales were missing
-  
+
  * Added locales-all to base image and note to docs

 * The icons in the account menu were still the old ones.
 * Due to a merge error, the once removed account menu in the sidenav appeared again.
 * Scheduled notifications were shown on dashboard before time.
 * Remove broken notifications menu item in favor of item next to account menu.
-* [OAuth2] Resources which are protected with client credentials 
-  allowed access if no scopes were allowed.
+* [OAuth2] Resources which are protected with client credentials
+  allowed access if no scopes were allowed (CVE-2022-29773).
 * The site logo could overlap with the menu for logos with an unexpected aspect ratio.
 * Some OAuth2 views stopped working with long scope names.
 * Resetting password was impossible due to a missing rule