Add changelog for 3.3.14 (#1204)

pages/changelog.rst

@@ -2,6 +2,25 @@
 Changelog
 *********
 
+Graylog 3.3.14
+==============
+
+Released: 2021-07-28
+
+Core
+^^^^
+
+**Security**
+
+Session ID leak in Graylog DEBUG log file and audit log.
+
+We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.
+
+The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Enterprise Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.
+
+We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.
+
+
 Graylog 3.3.13
 ==============
 

pages/enterprise/changelog.rst

@@ -2,6 +2,25 @@
 Changelog
 *********
 
+Graylog Enterprise 3.3.14
+=========================
+
+Released: 2021-07-28
+
+Enterprise
+----------
+
+**Security**
+
+Session ID leak in Graylog DEBUG log file and audit log.
+
+We recently discovered a session ID leak in the Graylog DEBUG log file as well as the audit log. A user can use a session ID to authenticate against Graylog and then this user has access to all the permissions associated with the owner of the session ID.
+
+The ID was printed in DEBUG level log messages (DEBUG is not enabled by default) as well as the Graylog Enterprise Audit Log. By default, the Graylog Audit Log is only logging to the local database and only accessible by Graylog administrators.
+
+We would like to thank David Herbstmann for discovering and responsibly disclosing this vulnerability.
+
+
 Graylog Enterprise 3.3.13
 =========================