diff --git a/RELEASES.md b/RELEASES.md
index 79f9a58..ebee9fc 100644
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -1,5 +1,8 @@
 ## Releases
 
+## 1.0.8
+Fixed security issue where a redirect (e.g. 302) to another domain would pass headers.  The fix was to strip the authorization header if the hostname was different.  More [details in PR #27](https://github.com/actions/http-client/pull/27)
+
 ## 1.0.7
 Update NPM dependencies and add 429 to the list of HttpCodes
 
@@ -13,4 +16,4 @@ Adds \<verb>Json() helper methods for json over http scenarios.
 Started to add \<verb>Json() helper methods.  Do not use this release for that.  Use >= 1.0.5 since there was an issue with types.
 
 ## 1.0.1 to 1.0.3
-Adds proxy support.
\ No newline at end of file
+Adds proxy support.