chore: Add CVE id to history for 4.6.3

rgrove · Mar 20, 2018 · f5a2686 · f5a2686
1 parent 5f66eb1
commit f5a2686
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/HISTORY.md b/HISTORY.md
@@ -2,7 +2,8 @@
 
 ## 4.6.3 (2018-03-19)
 
-* Fixed an HTML injection vulnerability that could allow XSS.
+* [CVE-2018-3740][176]: Fixed an HTML injection vulnerability that could allow
+  XSS.
 
   When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2, a
   specially crafted HTML fragment can cause libxml2 to generate improperly
@@ -15,6 +16,8 @@
   Many thanks to the Shopify Application Security Team for responsibly reporting
   this issue.
 
+[176]:https://github.com/rgrove/sanitize/issues/176
+
 ## 4.6.2 (2018-03-19)
 
 * Reduced string allocations to optimize memory usage. [@janklimo - #175][175]