From 0f7336bd897c4124e7e595f211a531fa3e482f8f Mon Sep 17 00:00:00 2001
From: Ryan Northey <ryan@synca.io>
Date: Thu, 4 Apr 2024 11:53:31 +0100
Subject: [PATCH] changelogs: Add changelog for CVE-2024-30255

https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm

Signed-off-by: Ryan Northey <ryan@synca.io>
---
 changelogs/current.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/changelogs/current.yaml b/changelogs/current.yaml
index 2aea4a179d5f..426455be866b 100644
--- a/changelogs/current.yaml
+++ b/changelogs/current.yaml
@@ -20,6 +20,9 @@ bug_fixes:
 - area: jwt_authn
   change: |
     Fixed JWT extractor, which concatenated headers with a comma, resultig in invalid tokens.
+- area: http2
+  change: |
+    Update nghttp2 to resolve CVE-2024-30255 (https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm).
 
 removed_config_or_runtime:
 # *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`