From 22cb50a7ad3ce954411b03aaa6c7ce4e245d76e5 Mon Sep 17 00:00:00 2001
From: Fabien Potencier <fabien@potencier.org>
Date: Wed, 1 Aug 2018 16:47:43 +0200
Subject: [PATCH] updated CHANGELOG for 3.4.14

---
 CHANGELOG-3.4.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/CHANGELOG-3.4.md b/CHANGELOG-3.4.md
index 94bbcf155c..f0cde9e267 100644
--- a/CHANGELOG-3.4.md
+++ b/CHANGELOG-3.4.md
@@ -7,6 +7,16 @@ in 3.4 minor versions.
 To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
 To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.4.0...v3.4.1
 
+* 3.4.14 (2018-08-01)
+
+ * security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas)
+ * security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas)
+ * bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (netiul)
+ * bug #28007 [FrameworkBundle] fixed guard event names for transitions (destillat)
+ * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL)
+ * bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (Phobetor)
+ * bug #28052 [HttpKernel] Fix merging bindings for controllers' locators (nicolas-grekas)
+
 * 3.4.13 (2018-07-23)
 
  * bug #28005 [HttpKernel] Fixed templateExists on parse error of the template name (yceruto)