From fa7a9a63b87c0ab283b33d39a7ab121b665bfea2 Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Date: Fri, 18 Feb 2022 22:05:09 +0100
Subject: [PATCH] update changelog (#1485)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Signed-off-by: Jake Sanders <jsand@google.com>
---
 CHANGELOG.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 95ee73d345f..1d2ebbf58f5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # v1.5.2
 
+## Security Fixes
+
+* CVE-2022-23649 - Make sure signature in Rekor bundle matches signature being verified
+
 ## Others
 
 * refactor release cloudbuild job (https://github.com/sigstore/cosign/pull/1476)
@@ -14,7 +18,11 @@
 
 * Batuhan Apaydın (@developer-guy)
 * Carlos Tadeu Panato Junior (@cpanato)
+* Dan Lorenc (@dlorenc)
 * Kenny Leung (@k4leung4)
+* Matt Moore (@mattmoor)
+* Nathan Smith (@nsmith5)
+* Priya Wadhwa (@priyawadhwa)
 * Zack Newman (@znewman01)
 
 # v1.5.1