diff --git a/doc/en/release_notes/centreon-2.8/centreon-2.8.27.rst b/doc/en/release_notes/centreon-2.8/centreon-2.8.27.rst
index d2b8f78e31e..e7e0958d6ef 100644
--- a/doc/en/release_notes/centreon-2.8/centreon-2.8.27.rst
+++ b/doc/en/release_notes/centreon-2.8/centreon-2.8.27.rst
@@ -5,31 +5,32 @@ Centreon Web 2.8.27
 Enhancements
 ============
 
+* [ACL] Improve ACL access on downtime and hostgroup form - PR #6962
 * [API] API for commands arguments descriptions - PR #7196
 * [API] Add showinstance CLAPI command to Host #7199
 * [LDAP] manage multiple ldap group with same dn - PR #6714
-* [ACL] Improve ACL access on downtime and hostgroup form - PR #6962
 
 Bug Fixes
 =========
 
-* [UI] Fix a Javascript bug when the new header is selected - PR #6590
-* [Downtimes] Pagination & filters corrections in recurrent Downtimes form - #6501, #6504, #6506, PR #6509
-* [LDAP] fix ldap import due to var typo
-* [Global] fix pagination when new header is enabled - PR #6687
-* [visual notification] exclude services started by BA from BAM UI notification style - PR #6782
 * [ACL] Host calculation with ACL is not correct - PR #6436
-* [Configuration] fix export of cbd watchdog logs path - #6794, PR #6919
 * [API] Broker configuration accept accept id 0
-* [Monitoring] Fix columns on the list page - PR #6984
-* [Chart] fix graph export when a curve is only displayed in legend - PR #7009
-* [Authentication] add sync with ldap groups upon login - PR #7057
-* [LDAP] Fix LDAP search when the 'user group attribute' field of ldap configuration is empty - PR #7057
-* [Configuration] fix broken hostgroup form and massive change on host - PR #7105
 * [API] Unset service/contact relations if set option - PR #7115
-* [Backup] Fix scp export of configuration files backup - PR #7112
 * [API] Use "Reach API *" to validate access to API - PR #7117
+* [Authentication] add sync with ldap groups upon login - PR #7057
+* [Backup] Fix scp export of configuration files backup - PR #7112
+* [Chart] fix graph export when a curve is only displayed in legend - PR #7009
+* [Centcore] Allow to set illegal characters for centcore (#7206)
+* [Configuration] fix export of cbd watchdog logs path - #6794, PR #6919
+* [Configuration] fix broken hostgroup form and massive change on host - PR #7105
+* [Downtimes] Pagination & filters corrections in recurrent Downtimes form - #6501, #6504, #6506, PR #6509
+* [Global] fix pagination when new header is enabled - PR #6687
+* [LDAP] fix ldap import due to var typo
+* [LDAP] Fix LDAP search when the 'user group attribute' field of ldap configuration is empty - PR #7057
+* [Monitoring] Fix columns on the list page - PR #6984
+* [UI] Fix a Javascript bug when the new header is selected - PR #6590
 * [UI] backport memory leak - PR #7003
+* [Visual notification] exclude services started by BA from BAM UI notification style - PR #6782
 
 Documentation
 =============
@@ -42,17 +43,18 @@ Documentation
 Security
 ========
 
+* Add SQL and XSS protection of Administration Logs page - PR #7038
+* Avoid password macro to appear in cleartext - PR #7020
+* Clean dead code about escalation - PR #7200
 * Fix XSS vulnerability on hosts and services comments - PR #6953
 * Fix SQL injection and duplicate action on the host list page - PR #6961
 * Fix the XSS vulnerability on poller resource - PR #6982
 * Fix XSS vulnerability in the ACL group search field - PR #7032
-* Avoid password macro to appear in cleartext - PR #7020
-* Add SQL and XSS protection of Administration Logs page - PR #7038
 * Fix SQL injection for virtual metrics - PR #7061
 * Fix SQL injection and duplicate feature - PR #7069
 * Fix XSS vulnerability in media - PR 7089
 * Protect hostname resolver from XSS - PR #7043
-* Clean dead code about escalation - PR #7200
+* Rce vulnerability fixed when using command's testing feature (#7245)
 
 Others
 ======
diff --git a/doc/fr/release_notes/centreon-2.8/centreon-2.8.27.rst b/doc/fr/release_notes/centreon-2.8/centreon-2.8.27.rst
index d2b8f78e31e..e7e0958d6ef 100644
--- a/doc/fr/release_notes/centreon-2.8/centreon-2.8.27.rst
+++ b/doc/fr/release_notes/centreon-2.8/centreon-2.8.27.rst
@@ -5,31 +5,32 @@ Centreon Web 2.8.27
 Enhancements
 ============
 
+* [ACL] Improve ACL access on downtime and hostgroup form - PR #6962
 * [API] API for commands arguments descriptions - PR #7196
 * [API] Add showinstance CLAPI command to Host #7199
 * [LDAP] manage multiple ldap group with same dn - PR #6714
-* [ACL] Improve ACL access on downtime and hostgroup form - PR #6962
 
 Bug Fixes
 =========
 
-* [UI] Fix a Javascript bug when the new header is selected - PR #6590
-* [Downtimes] Pagination & filters corrections in recurrent Downtimes form - #6501, #6504, #6506, PR #6509
-* [LDAP] fix ldap import due to var typo
-* [Global] fix pagination when new header is enabled - PR #6687
-* [visual notification] exclude services started by BA from BAM UI notification style - PR #6782
 * [ACL] Host calculation with ACL is not correct - PR #6436
-* [Configuration] fix export of cbd watchdog logs path - #6794, PR #6919
 * [API] Broker configuration accept accept id 0
-* [Monitoring] Fix columns on the list page - PR #6984
-* [Chart] fix graph export when a curve is only displayed in legend - PR #7009
-* [Authentication] add sync with ldap groups upon login - PR #7057
-* [LDAP] Fix LDAP search when the 'user group attribute' field of ldap configuration is empty - PR #7057
-* [Configuration] fix broken hostgroup form and massive change on host - PR #7105
 * [API] Unset service/contact relations if set option - PR #7115
-* [Backup] Fix scp export of configuration files backup - PR #7112
 * [API] Use "Reach API *" to validate access to API - PR #7117
+* [Authentication] add sync with ldap groups upon login - PR #7057
+* [Backup] Fix scp export of configuration files backup - PR #7112
+* [Chart] fix graph export when a curve is only displayed in legend - PR #7009
+* [Centcore] Allow to set illegal characters for centcore (#7206)
+* [Configuration] fix export of cbd watchdog logs path - #6794, PR #6919
+* [Configuration] fix broken hostgroup form and massive change on host - PR #7105
+* [Downtimes] Pagination & filters corrections in recurrent Downtimes form - #6501, #6504, #6506, PR #6509
+* [Global] fix pagination when new header is enabled - PR #6687
+* [LDAP] fix ldap import due to var typo
+* [LDAP] Fix LDAP search when the 'user group attribute' field of ldap configuration is empty - PR #7057
+* [Monitoring] Fix columns on the list page - PR #6984
+* [UI] Fix a Javascript bug when the new header is selected - PR #6590
 * [UI] backport memory leak - PR #7003
+* [Visual notification] exclude services started by BA from BAM UI notification style - PR #6782
 
 Documentation
 =============
@@ -42,17 +43,18 @@ Documentation
 Security
 ========
 
+* Add SQL and XSS protection of Administration Logs page - PR #7038
+* Avoid password macro to appear in cleartext - PR #7020
+* Clean dead code about escalation - PR #7200
 * Fix XSS vulnerability on hosts and services comments - PR #6953
 * Fix SQL injection and duplicate action on the host list page - PR #6961
 * Fix the XSS vulnerability on poller resource - PR #6982
 * Fix XSS vulnerability in the ACL group search field - PR #7032
-* Avoid password macro to appear in cleartext - PR #7020
-* Add SQL and XSS protection of Administration Logs page - PR #7038
 * Fix SQL injection for virtual metrics - PR #7061
 * Fix SQL injection and duplicate feature - PR #7069
 * Fix XSS vulnerability in media - PR 7089
 * Protect hostname resolver from XSS - PR #7043
-* Clean dead code about escalation - PR #7200
+* Rce vulnerability fixed when using command's testing feature (#7245)
 
 Others
 ======