From 237147e6e09bec52145e9a25a46aff36ac4459da Mon Sep 17 00:00:00 2001
From: Nikolaus Rath <Nikolaus@rath.org>
Date: Wed, 18 Jul 2018 20:35:46 +0100
Subject: [PATCH] Added ChangeLog entry for hardening patches.

---
 ChangeLog.rst | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ChangeLog.rst b/ChangeLog.rst
index 9ba0263..10ab5ad 100644
--- a/ChangeLog.rst
+++ b/ChangeLog.rst
@@ -1,6 +1,10 @@
-libfuse 3.2.5
-==========================
+Unreleased Changes
+==================
 
+* The fusermount binary has been hardened in several ways to reduce
+  potential attack surface. Most importantly, mountpoints and mount
+  options must now match a hard-coded whitelist. It is expected that
+  this whitelist covers all regular use-cases.
 * Added a test of `seekdir` to test_syscalls.
 * Fixed `readdir` bug when non-zero offsets are given to filler and the
   filesystem client, after reading a whole directory, re-reads it from a
-- 
2.30.2