From 0219eb18141672ea35ebe319e209dd520bdf676e Mon Sep 17 00:00:00 2001
From: Lars Erik Wik <lars.erik.wik@northern.tech>
Date: Tue, 10 Feb 2026 12:36:48 +0100
Subject: [PATCH] Added CVE references to changelog

Ticket: SEC-1877
Signed-off-by: Lars Erik Wik <lars.erik.wik@northern.tech>
---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 8a6d6f76fa..3c38b178fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,10 @@
 	  Fixed bug where rendered files can result in erroneously empty files
 	  as a result of promise locking (ENT-9980)
 
+	Security fixes:
+	- CVE-2026-24712 - Injection in CFEngine Policy Language:
+	  https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/
+
 3.24.2:
 	- Adjusted cf-support for exotic UNIX platforms (ENT-9786)
 	- Adjusted cf-support to not fail if core dumps are available and gdb is