From d210e7321bab17ce380220503f0bcb8dfae72242 Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Mon, 17 Jul 2017 08:29:44 -0400 Subject: [PATCH] note recent changes --- doc/ChangeLog | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/doc/ChangeLog b/doc/ChangeLog index 912f3ef..c4afea8 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,8 +1,25 @@ -FreeRADIUS 2.2.10 Wednesday 30 Sep 2015 17:00:00 EDT, urgency=medium +FreeRADIUS 2.2.10 Monday 17 Jul 2017 09:00:00 EDT, urgency=high Feature improvements * None. Bug fixes + * Fix multiple security issues. See + http://freeradius.org/security/fuzzer-2017.html + Thanks to Guido Vranken for working with us to + discover the issues and test the fixes. + * FR-GV-207 Avoid zero-length malloc() in data2vp() + * FR-GV-206 correct decoding of option 60 + * FR-GV-205 check for "too long" WiMAX options + * FR-GV-204 free VP if decoding fails, so we don't leak memory. + * FR-GV-203 fix memory leak when using decode_tlv() + * FR-GV-202 check for "too long" attributes + * FR-GV-201 check input/output length in make_secret() + * FR-AD-001 Use strncmp() instead of memcmp() for bounded data. + * Disable in-memory TLS session caches due to OpenSSL API + issues. + * Allow issuer_cert to be empty. + * Look for extensions using correct index + * Fix types * Work around OpenSSL 1.0.2 problems, which cause failures in TLS-based EAP methods. * Revert RedHat contributed bug which removes run-time checks -- 2.1.4
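Review bot: The last two added entries under "Bug fixes", "Look for extensions using correct index" and "Fix types", do not say which code they touch, which makes them hard to audit in a release whose header is now marked urgency=high. Name the module or structure involved and say which extensions and which types are meant. In the FR-AD-001 line, "Use strncmp() instead of memcmp() for bounded data" should state that the data is a NUL-terminated string, since strncmp() stops comparing at the first NUL where memcmp() does not, and a reader cannot tell from the entry whether that difference is intended. The FR-GV-* entries also mix capitalisation and punctuation (FR-GV-204 ends with a period, the others do not, and FR-AD-001 starts with a capital); make them consistent. Finally, "Disable in-memory TLS session caches due to OpenSSL API issues" is a behaviour change rather than a plain fix, so the entry should say whether existing cache configuration is now ignored.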