diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6b87a8390..1f4f5801a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,9 @@ SECURITY:
    nodes is sufficient to cause the performance standby nodes to clear their
    cache. A CVE is in the process of being issued; the number is
    CVE-2019-11075.
+ * Roles in the JWT Auth backend using the OIDC login flow (i.e. role_type of
+   “oidc”) were not enforcing bound_cidrs restrictions, if any were configured
+   for the role. This issue did not affect roles of type “jwt”.
 
 CHANGES: