From a5c96d794ddace7b5906cd76b11157a1c71905fc Mon Sep 17 00:00:00 2001 From: Nicola Iarocci Date: Mon, 4 Dec 2017 09:34:20 +0100 Subject: [PATCH] Changelog for #1091 --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index 8871c0712..01060b2d5 100644 --- a/CHANGES +++ b/CHANGES @@ -11,6 +11,9 @@ Version 0.7.5 Not yet released. +- Fix: A query was not fully traversed in the sanitization. Therefore the + blacklist for mongo wueries could be bypassed, allowing for dangerous + ``$where`` queries (Moritz Schneider). Stable ------
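Review bot: The second added line of the CHANGES hunk misspells "queries" as "wueries" ("blacklist for mongo wueries could be bypassed"), and the entry never cites the issue it documents: #1091 appears only in the Subject line. Since this entry records a sanitization bypass that allowed ``$where`` queries, it should be easy to find and to trace. Suggest correcting the spelling and adding the reference, for example ending the entry with "(#1091, Moritz Schneider)". The wording "was not fully traversed" would also be clearer if it said which part of a query was skipped, so readers of the 0.7.5 notes can tell whether their deployments were exposed.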