NEWS

(cherry picked from commit 24f7790)
(cherry picked from commit 027bdbc)
(cherry picked from commit fbeed18)

Author: remicollet

NEWS

@@ -6,6 +6,8 @@ Backported from 8.1.28
 - Standard:
   . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
     partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
+  . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
+    opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
 
 Backported from 8.0.30