From 77ad67a0eae9cd8dd95d6e80da9d22ea848bc5d8 Mon Sep 17 00:00:00 2001
From: Johannes Schmidt <johannes.schmidt@icinga.com>
Date: Thu, 29 Jan 2026 11:44:39 +0100
Subject: [PATCH] Add security update to v2.14.8 changelog

---
 CHANGELOG.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fe0b0c7ed..6dd685b79 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,9 +9,12 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 
 ## 2.14.8 (2026-01-29)
 
-This release updates the bundled OpenSSL library and includes changes to allow
-building with newer toolchains.
+This security release fixes a problem in the Icinga 2 Windows MSI that did not
+set proper permissions for `%ProgramData%\icinga2\var`. Additionally, it
+updates the bundled OpenSSL library and includes changes to allow building with
+newer toolchains.
 
+* CVE-2026-24413: Fix permissions of `%ProgramData%\icinga2\var` on Windows.
 * Windows: Update to OpenSSL 3.0.19. #10705
 * Bump Boost shipped for Windows to v1.87. #10651
 * Allow building with CMake 4. #10624