From bffeab45c838ae32fd1b2f1c2413f3191d83796f Mon Sep 17 00:00:00 2001
From: Simon Michael <simon@joyful.com>
Date: Tue, 24 Aug 2021 05:14:24 -1000
Subject: [PATCH] ;doc: update changelogs

---
 CHANGES.md             |  2 +-
 hledger-lib/CHANGES.md |  2 +-
 hledger-ui/CHANGES.md  |  2 +-
 hledger-web/CHANGES.md | 11 ++++++++++-
 hledger/CHANGES.md     |  2 +-
 5 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 636a86e78..cfb9182ef 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -9,7 +9,7 @@
 General changes in the hledger project (and notable all-package releases).
 For package-specific changes and minor releases, see the hledger package changelogs.
 
-# 2c96e6f1f
+# 53d9455bd
 
 - `make list-commits` and `make showauthors` show those things.
 
diff --git a/hledger-lib/CHANGES.md b/hledger-lib/CHANGES.md
index 6cea6725c..6aaad7d4d 100644
--- a/hledger-lib/CHANGES.md
+++ b/hledger-lib/CHANGES.md
@@ -9,7 +9,7 @@
 Internal/api/developer-ish changes in the hledger-lib (and hledger) packages.
 For user-visible changes, see the hledger package changelog.
 
-# 06312c353
+# 53d9455bd
 
 API changes
 
diff --git a/hledger-ui/CHANGES.md b/hledger-ui/CHANGES.md
index 8e4b045b3..0e06f0c1a 100644
--- a/hledger-ui/CHANGES.md
+++ b/hledger-ui/CHANGES.md
@@ -9,7 +9,7 @@
 User-visible changes in hledger-ui.
 See also the hledger changelog.
 
-# a3cacca71
+# 53d9455bd
 
 Improvements
 
diff --git a/hledger-web/CHANGES.md b/hledger-web/CHANGES.md
index 9c0c80d84..845146904 100644
--- a/hledger-web/CHANGES.md
+++ b/hledger-web/CHANGES.md
@@ -9,7 +9,7 @@ __      _____| |__
 User-visible changes in hledger-web.
 See also the hledger changelog.
 
-# ddeeee604
+# 53d9455bd
 
 Improvements
 
@@ -23,6 +23,15 @@ Improvements
 
 - Require base >=4.11, prevent red squares on Hackage's build matrix.
 
+Fixes
+
+- An XSS (cross-site scripting) vulnerability has been fixed.
+  Previously (since hledger-web 0.24), javascript code could be added 
+  to any autocompleteable field and could be executed automatically 
+  by subsequent visitors viewing the journal.
+  Thanks to Gaspard Baye and Hamidullah Muslih for reporting this vulnerability.
+  (#1525, Arsen Arsenović)
+
 # 1.22.2 2021-08-07
 
 - Use hledger 1.22.2.
diff --git a/hledger/CHANGES.md b/hledger/CHANGES.md
index 80fa69783..39d784da5 100644
--- a/hledger/CHANGES.md
+++ b/hledger/CHANGES.md
@@ -9,7 +9,7 @@
 User-visible changes in the hledger command line tool and library.
 
 
-# 0ce518f12
+# 53d9455bd
 
 Features