From a4e8574be7165d3c21162456f160e0faf3d05de3 Mon Sep 17 00:00:00 2001 From: gotjosh Date: Fri, 25 Aug 2023 11:23:06 +0100 Subject: [PATCH] Add a `[SECURITY]` to the changelog and update CVE-2023-40577 Some users have been vocal about the security fix not visible enough in the changelog, it seems like prometheus uses [SECURITY] to disclose these and I think it's a good practice. A copy of #3487 but for the release branch of 0.25 Signed-off-by: gotjosh --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03a9c429..d9d1ad18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ ## 0.25.1 / 2023-08-23 -* [BUGFIX] Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI. +* [SECURITY] Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI. CVE-2023-40577 ## 0.25.0 / 2022-12-22
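Review bot: On the `+` line of the CHANGELOG.md hunk, the CVE id is appended after the sentence's full stop as a bare token, so the entry reads as a sentence followed by a stray fragment and gives no way to reach the advisory. Suggest folding it into the sentence, e.g. `... in the Alertmanager UI (CVE-2023-40577).`, or making the id a link to the advisory. Since the commit message says this is a copy of #3487 for the 0.25 release branch, keep the wording identical to that change so the two changelogs do not diverge.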