Nik | Klampfradler · c11fd226 · 45b4105b · c11fd226
--- a/CHANGELOG.rst

+ 3

− 3
+++ b/CHANGELOG.rst

+ 3

− 3
 @@ -29,15 +29,15 @@ Fixed
 * The menu button used to be displayed twice on smaller screens.
 * The icons were loaded from external servers instead from local server.
 * Weekdays were not translated if system locales were missing
-  
+
  * Added locales-all to base image and note to docs

 * The icons in the account menu were still the old ones.
 * Due to a merge error, the once removed account menu in the sidenav appeared again.
 * Scheduled notifications were shown on dashboard before time.
 * Remove broken notifications menu item in favor of item next to account menu.
-* [OAuth2] Resources which are protected with client credentials 
-  allowed access if no scopes were allowed.
+* [OAuth2] Resources which are protected with client credentials
+  allowed access if no scopes were allowed (CVE-2022-29773).
 * The site logo could overlap with the menu for logos with an unexpected aspect ratio.
 * Some OAuth2 views stopped working with long scope names.
 * Resetting password was impossible due to a missing rule