From fa436a359b777f65738aee988802ec34b863dc4b Mon Sep 17 00:00:00 2001 From: Daisuke Maki Date: Sun, 3 Dec 2023 16:04:12 +0900 Subject: [PATCH] Update Changes --- Changes | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Changes b/Changes index 14c01d5ee..0f06ccb2b 100644 --- a/Changes +++ b/Changes @@ -2,7 +2,13 @@ Changes ======= v1.2.27 - UNRELEASED -[Buf xies] +[Security] + * [jwe] A large number in p2c parameter for PBKDF2 based encryptions could cause a DoS attack, + similar to https://nvd.nist.gov/vuln/detail/CVE-2022-36083. All users should upgrade, as + unlike v2, v1 attempts to decrypt JWEs on JWTs by default. + [GHSA-7f9x-gw85-8grf] + +[Bug xies] * [jwk] jwk.Set(jwk.KeyOpsKey, ) now works (previously, either Set(.., ) or Set(..., []jwk.KeyOperation{...}) worked, but not a single jwk.KeyOperation
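Review bot: The new [Security] entry for [jwe] describes the problem (a large p2c value in PBKDF2 based encryption leading to DoS) but not what v1.2.27 does about it. Please add a line saying whether p2c is now capped or rejected above a limit, and whether that limit can be configured, so readers who decrypt JWEs from untrusted sources know if upgrading is enough or if they also need to set something. The entry also says "All users should upgrade" while the version header just above still reads "v1.2.27 - UNRELEASED"; naming the fixed version in the entry itself would keep the advice usable until the release is tagged. Minor: the section heading goes from "[Buf xies]" to "[Bug xies]" in this hunk, which as shown is still misspelled; if that is what the file contains, it should read "[Bug fixes]".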