diff --git a/changelog/_2021Jan20.txt b/changelog/_2021Jan20.txt
new file mode 100644
index 000000000..1ffaa8def
--- /dev/null
+++ b/changelog/_2021Jan20.txt
@@ -0,0 +1,12 @@
+```release-note:security
+Mount Path Disclosure: Vault previously returned different HTTP status codes for
+existent and non-existent mount paths. This behavior would allow unauthenticated
+brute force attacks to reveal which paths had valid mounts. This issue affects
+Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594).
+```
+```release-note:security
+IP Address Disclosure: We fixed a vulnerability where, under some error
+conditions, Vault would return an error message disclosing internal IP
+addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in
+1.6.2 (CVE-2021-3024).
+```
diff --git a/changelog/changelog.tmpl b/changelog/changelog.tmpl
index 6f5183e85..4f2c9d2d0 100644
--- a/changelog/changelog.tmpl
+++ b/changelog/changelog.tmpl
@@ -14,6 +14,14 @@ SECURITY:
 {{ end -}}
 {{- end -}}
 
+{{- if .NotesByType.change }}
+CHANGES:
+
+{{range .NotesByType.change -}}
+* {{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
 {{- if .NotesByType.feature -}}
 FEATURES: