Fix #2097 for 2.6.7.2

commit: 87d29af25e82a249ea15858e2d4ecbf64091db44 [log] [tgz]
author: Tatu Saloranta <tatu.saloranta@iki.fi> Thu Aug 16 14:42:57 2018 -0700
committer: Tatu Saloranta <tatu.saloranta@iki.fi> Thu Aug 16 14:42:57 2018 -0700
tree: b1e21ec1276c672befe9d1a022f0fbbe701b7ece
parent: a054585e2175ad0882f07bcafedecfac86230f1b [diff] [blame]
diff --git a/release-notes/VERSION b/release-notes/VERSION
index 859acc7..30efa6f 100644
--- a/release-notes/VERSION
+++ b/release-notes/VERSION

@@ -5,7 +5,10 @@
 ------------------------------------------------------------------------
 
 2.6.7.2 (not yet released)
+
 #1737: Block more JDK types from polymorphic deserialization
+#2097: Block more classes from polymorphic deserialization (CVE-2018-14718
+  - CVE-2018-14721)
 
 2.6.7.1 (11-Jul-2017)
commit	87d29af25e82a249ea15858e2d4ecbf64091db44	[log] [tgz]
author	Tatu Saloranta <tatu.saloranta@iki.fi>	Thu Aug 16 14:42:57 2018 -0700
committer	Tatu Saloranta <tatu.saloranta@iki.fi>	Thu Aug 16 14:42:57 2018 -0700
tree	b1e21ec1276c672befe9d1a022f0fbbe701b7ece
parent	a054585e2175ad0882f07bcafedecfac86230f1b [diff] [blame]