Merge pull request #5790 from rtfd/davidfischer/changelog-security-update

ericholscher · web-flow · commit 8258a3c98eae · 2019-06-11T17:11:05.000-07:00
Mention security issue in the changelog
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -11,6 +11,12 @@ This is a quick hotfix to the previous version.
 Version 3.5.1
 -------------
 
+This version contained a `security fix <https://github.com/rtfd/readthedocs.org/security/advisories/GHSA-2mw9-4c46-qrcv>`_
+for an open redirect issue.
+The problem has been fixed and deployed on readthedocs.org.
+For users who depend on the Read the Docs code line for a private instance of Read the Docs,
+you are encouraged to update to 3.5.1 as soon as possible.
+
 :Date: June 11, 2019
 
 * `@stsewd <http://github.com/stsewd>`__: Update build images in docs (`#5782 <https://github.com/rtfd/readthedocs.org/pull/5782>`__)
diff --git a/docs/security.rst b/docs/security.rst
@@ -87,7 +87,7 @@ Security issue archive
 Version 3.5.1
 ~~~~~~~~~~~~~
 
-Version 3.5.1 fixed an issue where that affected projects with "prefix" or "sphinx" user-defined redirects.
+:ref:`changelog:Version 3.5.1` fixed an issue that affected projects with "prefix" or "sphinx" user-defined redirects.
 The issue allowed the creation of hyperlinks that looked like they would go to a documentation domain
 on Read the Docs (either ``*.readthedocs.io`` or a custom docs domain) but instead went to a different domain.
 
