From b120368aee7010a63a841537a226f8c62ecd6a6c Mon Sep 17 00:00:00 2001
From: Lisa Cawley <lcawley@elastic.co>
Date: Tue, 18 Aug 2020 12:00:21 -0700
Subject: [PATCH] [DOCS] Add security updates to release notes (#61288)
 (#61296)

---
 docs/reference/release-notes/7.9.asciidoc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/reference/release-notes/7.9.asciidoc b/docs/reference/release-notes/7.9.asciidoc
index 45014c90a00..30db5d3f8a2 100644
--- a/docs/reference/release-notes/7.9.asciidoc
+++ b/docs/reference/release-notes/7.9.asciidoc
@@ -3,6 +3,18 @@
 
 Also see <<breaking-changes-7.9,Breaking changes in 7.9>>.
 
+[float]
+[[security-updates-7.9.0]]
+=== Security updates
+
+* A field disclosure flaw was found in {es} when running a scrolling search with
+field level security. If a user runs the same query another more privileged user
+recently ran, the scrolling search can leak fields that should be hidden. This
+could result in an attacker gaining additional permissions against a restricted
+index. All versions of {es} before 7.9.0 and 6.8.12 are affected by this flaw.
+You must upgrade to {es} version 7.9.0 or 6.8.12 to obtain the fix.
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7019[CVE-2020-7019]
+
 [[known-issues-7.9.0]]
 [discrete]
 === Known issues