diff --git a/CHANGELOG b/CHANGELOG
index ab8b86ba928da91a7d87c4dc6674566cdedfa582..e7428834c1b038f0265d2d57f18cc5fcb65cd56b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,7 @@ v 8.8.0 (unreleased)
 
 v 8.7.0 (unreleased)
   - Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
+  - Fix vulnerability that made it possible to gain access to private labels and milestones
   - The number of InfluxDB points stored per UDP packet can now be configured
   - Fix error when cross-project label reference used with non-existent project
   - Transactions for /internal/allowed now have an "action" tag set
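Review bot: The added entry under v 8.7.0 says private labels and milestones could be accessed, but not through which feature or by which users, so someone reading the changelog cannot judge whether their instance was exposed. Consider naming the affected area and referencing the merge request in the entry, e.g. "Fix vulnerability in <affected feature> that made it possible ...". Also check whether the line needs to be carried into the changelog of any stable release that receives the fix, since this hunk adds it only to the unreleased 8.7.0 section.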