From c02d2d132010129a46cfdd9f8b67c2327946e863 Mon Sep 17 00:00:00 2001
From: Court Ewing <court@epixa.com>
Date: Tue, 15 Nov 2016 11:41:32 -0500
Subject: [PATCH] docs: 5.0.1 security fix

---
 docs/index.asciidoc               | 2 ++
 docs/release-notes/5.0.1.asciidoc | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/docs/index.asciidoc b/docs/index.asciidoc
index f1d9cc3d0881eb..2ac0934f45d457 100644
--- a/docs/index.asciidoc
+++ b/docs/index.asciidoc
@@ -14,6 +14,8 @@ release-state can be: released | prerelease | unreleased
 :xpack-ref:      https://www.elastic.co/guide/en/x-pack/current/
 :issue:          https://github.com/elastic/kibana/issues/
 :pull:           https://github.com/elastic/kibana/pull/
+:commit:         https://github.com/elastic/kibana/commit/
+:security:       https://www.elastic.co/community/security/
 
 
 include::introduction.asciidoc[]
diff --git a/docs/release-notes/5.0.1.asciidoc b/docs/release-notes/5.0.1.asciidoc
index f84b43b3cd8f62..969223e415cd81 100644
--- a/docs/release-notes/5.0.1.asciidoc
+++ b/docs/release-notes/5.0.1.asciidoc
@@ -3,6 +3,15 @@
 
 Also see <<breaking-changes-5.0>>.
 
+[float]
+[[security-5.0.1]]
+=== Security fixes
+An Open Redirect vulnerability has been fixed with the short URL feature.
+Previously, a malicious user could use the internal API that powers the short
+URL feature to create a short URL in kibana that redirected to a different
+domain. +
+{security}ESA-2016-08[ESA-2016-08] ({commit}92ae3ae[92ae3ae])
+
 [float]
 [[bug-5.0.1]]
 === Bug fixes