From df09e39f12317cc37c33a3fc9d0e3342bebd3621 Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Tue, 4 Jun 2019 15:11:00 -0400 Subject: [PATCH] changelog GH-5728 --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ef34d1aa5..ffd39092e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ ## 0.9.2 (Unreleased) +SECURITY: + +* driver/exec: Fix privilege escalation issue introduced in Nomad 0.9.0. In + Nomad 0.9.0 and 0.9.1, exec tasks by default run as `nobody` but with + elevated capabilities, allowing tasks to perform privileged linux operations + and potentially escalate permissions. (CVE-2019-12618) + [[GH-5728](https://github.com/hashicorp/nomad/pull/5728)] + __BACKWARDS INCOMPATIBILITIES:__ * api: The `api` package removed `Config.SetTimeout` and `Config.ConfigureTLS` functions, intended
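Review bot: the added `SECURITY:` heading is plain text, while the next section heading in the same hunk is written `__BACKWARDS INCOMPATIBILITIES:__`; use the same bold form so the two headings render consistently. In the entry body, "linux" should be capitalised as "Linux". The entry names the affected versions (0.9.0 and 0.9.1) and the impact, but does not say what the fix changes for exec tasks or what operators should do; a closing sentence stating the corrected behaviour and that upgrading to 0.9.2 is the remedy would make the entry actionable for anyone reading the changelog without opening GH-5728.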