update release notes with CVE-2022-46751

commit: 6c0560f93ca421bc5ce210010b3c5f0bff01f2d9 [log] [tgz]
author: Stefan Bodewig <bodewig@apache.org> Sun Aug 20 11:59:44 2023 +0200
committer: Stefan Bodewig <bodewig@apache.org> Sun Aug 20 11:59:44 2023 +0200
tree: 0600a2ae372b45c6aae03499d7ae1e492ccf03bc
parent: 2be17bc18b0e1d4123007d579e43ba1a4b6fab3d [diff]
diff --git a/asciidoc/release-notes.adoc b/asciidoc/release-notes.adoc
index 9f34ae9..653fa9a 100644
--- a/asciidoc/release-notes.adoc
+++ b/asciidoc/release-notes.adoc

@@ -19,7 +19,7 @@
 
 = Ivy Release Announcement
 
-XXXX Date XXXX - The Apache Ivy project is pleased to announce its 2.5.2 release.
+August 20 2023 - The Apache Ivy project is pleased to announce its 2.5.2 release.
 
 == What is Ivy?
 Apache Ivy is a tool for managing (recording, tracking, resolving and reporting) project dependencies, characterized by flexibility,
@@ -38,6 +38,7 @@
 
 - FIX: reading POMs may loose dependencies when multiple Maven
   dependencies only differ in `classifier` (jira:IVY-1642[])
+- Fixes a Security Vulnerability, see link:https://ant.apache.org/ivy/security.html[the scurity page] for details.
 
 == List of Changes in this Release
 
@@ -57,6 +58,7 @@
 - FIX: reading POMs may loose dependencies when multiple Maven
   dependencies only differ in `classifier` (jira:IVY-1642[])
 - IMPROVEMENT: Upgrade Apache HttpClient to 4.5.13 (jira:IVY-1644[])
+- FIX: CVE-2022-46751: Apache Ivy Is Vulnerable to XML External Entity Injections
 
 == Committers and Contributors
commit	6c0560f93ca421bc5ce210010b3c5f0bff01f2d9	[log] [tgz]
author	Stefan Bodewig <bodewig@apache.org>	Sun Aug 20 11:59:44 2023 +0200
committer	Stefan Bodewig <bodewig@apache.org>	Sun Aug 20 11:59:44 2023 +0200
tree	0600a2ae372b45c6aae03499d7ae1e492ccf03bc
parent	2be17bc18b0e1d4123007d579e43ba1a4b6fab3d [diff]