commit 83d942b8cc24ad388bc1d64b04efdc3084ff0f37
author David Pursehouse <dpursehouse@collab.net> Mon Jan 07 10:13:09 2019 +0900
committer David Pursehouse <dpursehouse@collab.net> Thu Jan 10 21:27:56 2019 +0900
tree f5d2056cb164375a640d40ec1db0965095fdc5f1
parent a06bd679733028c4627ad43347c40bede10402a7

Update 2.14.18 release notes

Change-Id: Ia59abbe9231d4f8fc06fd403b56cc8a8cc10bd2f

pages/site/releases/2.14.md

diff --git a/pages/site/releases/2.14.md b/pages/site/releases/2.14.md
index 0b82baa..e1768d8 100644
--- a/pages/site/releases/2.14.md
+++ b/pages/site/releases/2.14.md
@@ -343,6 +343,23 @@
 
 ### 2.14.18
 
+* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
+Upgrade JGit to 4.7.7.201812240805-r to fix validation of `wants` in
+`git-upload-pack` for protocol v0 bidirectional transports.
+
+  AdvertiseRefsHook was not called for `git-upload-pack` in protocol v0
+  bidirectional transports, meaning that `wants` were not validated and
+  a user could fetch anything that is pointed to by any ref (using fetch-by-sha1),
+  as long as they could guess the object name.
+
+* [Issue 10242](https://bugs.chromium.org/p/gerrit/issues/detail?id=10242):
+Fix regression that allows a user's account to be taken over when multiple
+authentication providers are in use.
+
+  A regression introduced in 2.14.7 allowed a user's account to be taken
+  over by creating an account on a different provider with exactly the same
+  username as the existing Gerrit account.
+
 * [Issue 10112](https://bugs.chromium.org/p/gerrit/issues/detail?id=10112):
 Upgrade rules_closure to make Gerrit buildable with the latest Bazel version.