From 002edca796f4e69e53d0491e5b1319955082ed02 Mon Sep 17 00:00:00 2001
From: Armin Ronacher <armin.ronacher@active-4.com>
Date: Thu, 29 Dec 2016 14:14:44 +0100
Subject: Updated changelog

---
 CHANGES | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'CHANGES')

diff --git a/CHANGES b/CHANGES
index 4e5df26c..e3e75820 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,9 +4,12 @@ Jinja2 Changelog
 Version 2.8.1
 -------------
 
-(unreleased bugfix release)
+(bugfix release, released on December 29th 2016)
 
 - Fixed the `for_qs` flag for `urlencode`.
+- SECURITY: if the sandbox mode is used format expressions are now sandboxed
+  with the same rules as in Jinja.  This solves various information leakage
+  problems that can occur with format strings.
 
 Version 2.8
 -----------
-- 
cgit v1.2.3