From ff3946455917e6298b6cd38e484d1782efb51d4e Mon Sep 17 00:00:00 2001
From: Beth Griggs <bgriggs@redhat.com>
Date: Tue, 5 Jan 2021 12:02:16 +0000
Subject: [PATCH] doc: add OpenSSL CVE fix to notable changes in v15.5.0

PR-URL: https://github.com/nodejs/node/pull/36798
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
---
 doc/changelogs/CHANGELOG_V15.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/changelogs/CHANGELOG_V15.md b/doc/changelogs/CHANGELOG_V15.md
index 0b575a984458d6..8a9b03c98913b7 100644
--- a/doc/changelogs/CHANGELOG_V15.md
+++ b/doc/changelogs/CHANGELOG_V15.md
@@ -77,6 +77,12 @@ Vulnerabilities fixed:
 
 ### Notable Changes
 
+#### OpenSSL-1.1.1i
+
+OpenSSL-1.1.1i contains a fix for CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High). This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt
+
+Contributed by Myles Borins [#36520](https://github.com/nodejs/node/pull/36520).
+
 #### Extended support for `AbortSignal` in child_process and stream
 
 The following APIs now support an `AbortSignal` in their options object: