From bfa8c2eb6187c969659624c109dc30f6d9f87157 Mon Sep 17 00:00:00 2001 From: mdtro Date: Thu, 9 Nov 2023 14:30:54 -0600 Subject: [PATCH] changelog: include CVE details for security fixes on 7.77.0 --- CHANGELOG.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e04de0cd43bb..07790b7ddfc1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,7 +32,7 @@ This was possible by extensive use of tree shaking and a host of small changes t By using [tree shaking](https://docs.sentry.io/platforms/javascript/configuration/tree-shaking/) it is possible to shave up to 10 additional KB off the bundle. -#### Other Changes +### Other Changes - feat(astro): Add Sentry middleware (#9445) - feat(feedback): Add "outline focus" and "foreground hover" vars (#9462) @@ -52,13 +52,18 @@ By using [tree shaking](https://docs.sentry.io/platforms/javascript/configuratio ## 7.77.0 +### Security Fixes + +- fix(nextjs): Match only numbers as orgid in tunnelRoute (#9416) (CVE-2023-46729) +- fix(nextjs): Strictly validate tunnel target parameters (#9415) (CVE-2023-46729) + +### Other Changes + - feat: Move LinkedErrors integration to @sentry/core (#9404) - feat(remix): Update sentry-cli version to ^2.21.2 (#9401) - feat(replay): Allow to treeshake & configure compression worker URL (#9409) - fix(angular-ivy): Adjust package entry points to support Angular 17 with SSR config (#9412) - fix(feedback): Fixing feedback import (#9403) -- fix(nextjs): Match only numbers as orgid in tunnelRoute (#9416) -- fix(nextjs): Strictly validate tunnel target parameters (#9415) - fix(utils): Avoid keeping a reference of last used event (#9387) ## 7.76.0
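Review bot: The heading change in the first hunk (`@@ -32,7 +32,7 @@`, `#### Other Changes` to `### Other Changes`) is in the release section above `## 7.77.0`, but the subject only names CVE details for 7.77.0. Mention the heading-level fix in the commit message or split it into its own commit, so that anyone cherry-picking the security annotation does not also pick up an unrelated formatting change. It is also worth checking that the sibling subsections of that release use `###`, since they are not visible in this hunk.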
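Review bot: In the second hunk (`@@ -52,13 +52,18 @@`), the two entries under the new `### Security Fixes` heading give `CVE-2023-46729` as bare text, with no link and no statement of impact or affected versions. Consider linking the ID to the published advisory and adding one short line on what is affected (the entries point at the Next.js `tunnelRoute` option) and that 7.77.0 carries the fix, so that a reader scanning the changelog can tell whether they need to upgrade. Since both #9416 and #9415 carry the same CVE, it would also help to say that both are needed for the complete fix, if that is the case.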