Updating news with CVE

commit: 271299581b33166ca3001013e71c7a2ee423a0b0 [log] [tgz]
author: Dan Klco <dklco@apache.org> Wed Mar 25 07:45:38 2020 -0400
committer: Dan Klco <dklco@apache.org> Wed Mar 25 07:45:38 2020 -0400
tree: 70dca520a87ee2cce8cf3d3d777fa6fea71b5af9
parent: f50dbfead5d9e47100044b6d9b5c6d58b89e8c51 [diff]
diff --git a/src/main/jbake/content/news.md b/src/main/jbake/content/news.md
index d02063c..a7499e0 100644
--- a/src/main/jbake/content/news.md
+++ b/src/main/jbake/content/news.md

@@ -4,6 +4,8 @@
 tags=news
 tableOfContents=false
 ~~~~~~
+
+* Vulnerability report and fix: CVE-2020-1949: Apache Sling CMS Reflected XSS Vulnerability (March 24th, 2020), see [http://s.apache.org/CVE-2020-1949](http://s.apache.org/CVE-2020-1949)
 * The [adaptTo() 2019 conference](https://adapt.to/2019/) took place in Berlin, Germany. (September 2-4, 2019).
 * Released [Apache Sling 11](/news/sling-11-released.html) (October 23rd, 2018).
 * The [adaptTo() 2018 conference](https://adapt.to/2018/) took place in Potsdam, Germany. (September 10-12, 2018).
commit	271299581b33166ca3001013e71c7a2ee423a0b0	[log] [tgz]
author	Dan Klco <dklco@apache.org>	Wed Mar 25 07:45:38 2020 -0400
committer	Dan Klco <dklco@apache.org>	Wed Mar 25 07:45:38 2020 -0400
tree	70dca520a87ee2cce8cf3d3d777fa6fea71b5af9
parent	f50dbfead5d9e47100044b6d9b5c6d58b89e8c51 [diff]