From 316d39f24c46362a6a9c17781d0ef60d5e44c435 Mon Sep 17 00:00:00 2001
From: "nicolas.dorier" <nicolas.dorier@gmail.com>
Date: Sat, 9 Jul 2022 11:29:33 +0900
Subject: [PATCH] Update Changelog

---
 Changelog.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Changelog.md b/Changelog.md
index de2627a0e..dc7aec6ea 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -2,6 +2,10 @@
 
 ## 1.6.0
 
+In the past six months, we fixed a critical security vulnerability in one of BTCPay's versions. The security vulnerability has been disclosed responsibly, and we granted a bounty to the security researcher who discovered it. As far as we know, this particular vulnerability has not been exploited in the wild as it depends on multiple factors. For security reasons, we will not publicly disclose details yet. Timeframe for public disclosure is 6-12 months. We already have a CVE number reserved for it.
+
+It's very likely that by updating BTCPay Server in the past six months, you've already patched this vulnerability. To be safe, update your instance if you haven't done so in a long time.
+
 ### New features:
 
 * Dashboard: Add Lightning balances and easy access to lightning services (#3838) @dennisreimann