Correcting NEWS and CHANGES discrepancies

1 files changed, 24 insertions, 3 deletions

diff --git a/NEWS b/NEWS
index 07d0f9f81..9096f1808 100644
--- a/NEWS
+++ b/NEWS
@@ -38,7 +38,17 @@ This version has not been released yet.
 Version 1.2.1
 -------------
 
-This version has not been released yet.
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+   backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
+   Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+   UI
+ * Fix various bugs in the URL rewriter when recursion is involved.
+ * Fix couchdb start script.
+ * Futon: Disable buttons that aren't available for the logged-in user.
+ * Fix potential replication timeouts.
+ * Change use of signals to avoid broken view groups.
 
 Version 1.2.0
 -------------
@@ -88,11 +98,22 @@ This release contains backwards incompatible changes.
 Version 1.1.2
 -------------
 
-This version has not been released yet.
-
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+   backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+   Adobe Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+   UI
  * ETag of attachment changes only when the attachment changes, not
    the document.
  * Fix pull replication of documents with many revisions.
+ * Fix replication with an HTTP source and target
+ * Avoid invalidating view indexes when running out of file descriptors.
+ * Improvements to log messages for file-related errors.
+ * Fix retrieval of headers larger than 4k.
+ * Allow OPTIONS HTTP method for list requests.
+ * Don't attempt to encode invalid json.
+ * Improve SpiderMonkey version detection.
 
 Version 1.1.1
 -------------