From 61fd92498db72bc511effa8c15274596afbb5010 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 6 Jan 2017 11:47:34 +0200 Subject: [ci skip] Add a changelog entry for #4963 --- user_guide_src/source/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'user_guide_src') diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst index fff17110e..b60a90949 100644 --- a/user_guide_src/source/changelog.rst +++ b/user_guide_src/source/changelog.rst @@ -11,6 +11,7 @@ Release Date: Not Released - Fixed an XSS vulnerability in :doc:`Security Library ` method ``xss_clean()``. - Fixed a possible file inclusion vulnerability in :doc:`Loader Library ` method ``vars()``. + - Fixed a possible remote code execution vulnerability in the :doc:`Email Library ` when 'mail' or 'sendmail' are used (thanks to Paul Buonopane from `NamePros `_). - Added protection against timing side-channel attacks in :doc:`Security Library ` method ``csrf_verify()``. - Added protection against BREACH attacks targeting the CSRF token field generated by :doc:`Form Helper ` function :php:func:`form_open()`. -- cgit v1.2.3-24-g4f1b
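Review bot: The added changelog line writes the affected values as 'mail' or 'sendmail' in plain single quotes and does not say which Email Library setting they belong to, whereas the neighbouring entries mark code identifiers as literals (``xss_clean()``, ``vars()``). Suggest marking them up as ``mail`` and ``sendmail`` and naming the setting they are values of, so that someone scanning the changelog can tell whether their configuration is covered by this remote code execution fix. The verb should also agree with "or": "when ``mail`` or ``sendmail`` is used".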