From 913fa2cbbfca0f394716ac30c6f910b461f3e8f6 Mon Sep 17 00:00:00 2001 From: Delta Regeer Date: Tue, 13 Aug 2024 22:44:24 -0600 Subject: [PATCH] Update CHANGES.txt --- CHANGES.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGES.txt b/CHANGES.txt index ca33450f..0c01a763 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,17 @@ +1.8.8 (2024-08-13) +------------------ + +Security Fix +~~~~~~~~~~~~ + +- The use of WebOb's Response object to redirect a request to a new location + can lead to an open redirect if the Location header is not a full URI. + + See https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3 + and CVE-2024-42353 + + Thanks to Sara Gao for the report + 1.8.7 (2021-02-17) ------------------
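Review bot: In the added 1.8.8 "Security Fix" bullet, the entry names the vulnerable condition (a Location header that "is not a full URI") but does not say what 1.8.8 changes. A reader of CHANGES.txt cannot tell whether upgrading alone closes the open redirect or whether code that builds redirect targets from request data still needs its own validation. Suggest adding one sentence on the new behaviour of Response when Location is not a full URI, plus the affected version range, so the entry is usable without following the advisory link. The subject "Update CHANGES.txt" also hides that this commit documents a security release; something like "Add 1.8.8 changelog entry for CVE-2024-42353" would make it findable in the log.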