diff --git a/CHANGELOG b/CHANGELOG
index 259e1a30072ae980dd6ad1b545e4285077bfcb9f..28aac9536276ad6d676bf87e1abfaa5c10aec19f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -52,6 +52,7 @@ v 7.10.0 (unreleased)
   - Don't show commit comment button when user is not signed in.
   - Fix admin user projects lists.
   - Don't leak private group existence by redirecting from namespace controller to group controller.
+  - Only allow users to reference groups, projects, issues, MRs, commits they have access to.
 
 v 7.9.2
   - Contains no changes