From df7fa1fd41bfb08b73252f0997cd1b9af0c73174 Mon Sep 17 00:00:00 2001
From: Richard Hansen <rhansen@rhansen.org>
Date: Sun, 20 Sep 2020 15:21:46 -0400
Subject: [PATCH] changelog: Mention fix for authz bypass vulnerability in
 1.8.6 (#4318)

---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69d5568bf..093150284 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,9 +3,9 @@
 
 # 1.8.6
 * IMPORTANT: This fixes a severe problem with postgresql in 1.8.5
-* SECURITY: Fix authentication bypass vulnerability
+* SECURITY: Fix authentication and authorization bypass vulnerabilities
 * API: Update version to 1.2.15
-* FEATURE: Add copyPadWithoutHistory API (#4295) 
+* FEATURE: Add copyPadWithoutHistory API (#4295)
 * FEATURE: Package more asset files to save http requests (#4286)
 * MINOR: Improve UI when reconnecting
 * TESTS: Improve tests