Update CVE id for #1599 in 2.8 release notes

cowtowncoder · cowtowncoder · commit ff427dd21d48 · 2020-04-26T10:05:16.000-07:00
diff --git a/release-notes/VERSION b/release-notes/VERSION
@@ -116,7 +116,7 @@ Project: jackson-databind
 #1585: Invoke ServiceLoader.load() inside of a privileged block when loading
   modules using `ObjectMapper.findModules()`
  (contributed by Ivo S)
-#1599: Jackson Deserializer security vulnerability
+#1599: Jackson Deserializer security vulnerability (CVE-2017-7525)
  (reported by ayound@github)
 #1607: @JsonIdentityReference not used when setup on class only
  (reported by vboulaye@github)
