Update 2.14.18 release notes
Change-Id: Ia59abbe9231d4f8fc06fd403b56cc8a8cc10bd2f
diff --git a/pages/site/releases/2.14.md b/pages/site/releases/2.14.md
index 0b82baa..e1768d8 100644
--- a/pages/site/releases/2.14.md
+++ b/pages/site/releases/2.14.md
@@ -343,6 +343,23 @@
### 2.14.18
+* [Issue 10262](https://bugs.chromium.org/p/gerrit/issues/detail?id=10262):
+Upgrade JGit to 4.7.7.201812240805-r to fix validation of `wants` in
+`git-upload-pack` for protocol v0 bidirectional transports.
+
+ AdvertiseRefsHook was not called for `git-upload-pack` in protocol v0
+ bidirectional transports, meaning that `wants` were not validated and
+ a user could fetch anything that is pointed to by any ref (using fetch-by-sha1),
+ as long as they could guess the object name.
+
+* [Issue 10242](https://bugs.chromium.org/p/gerrit/issues/detail?id=10242):
+Fix regression that allows a user's account to be taken over when multiple
+authentication providers are in use.
+
+ A regression introduced in 2.14.7 allowed a user's account to be taken
+ over by creating an account on a different provider with exactly the same
+ username as the existing Gerrit account.
+
* [Issue 10112](https://bugs.chromium.org/p/gerrit/issues/detail?id=10112):
Upgrade rules_closure to make Gerrit buildable with the latest Bazel version.
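Review bot: The two added entries (Issue 10262 and Issue 10242) describe security fixes, but nothing in their text marks them as such, so they read at the same level as the rules_closure build entry that follows them. Consider labelling both as security fixes at the start of each bullet. The Issue 10262 entry also gives no affected version range, whereas the Issue 10242 entry names 2.14.7 as the release that introduced the regression; stating which releases shipped the unvalidated `wants` behaviour would let administrators judge their exposure. For Issue 10242, the entry says an account could be taken over but does not say whether upgrading alone is sufficient or whether existing accounts should be checked for a same-username identity from a second provider; one sentence on that would make the entry actionable.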