diff --git a/ChangeLog b/ChangeLog
index add1831cd..e967075df 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,7 +2,15 @@ PolarSSL ChangeLog
 
 = Version 1.2.18 released 2015-10-xx
 
+Security
+   * The X509 max_pathlen constraint was not enforced on intermediate
+     certificates. Found by Nicholas Wilson, fix and tests provided by
+     Janos Follath. #280 and #319
+
 Bugfix
+   * Self-signed certificates were not excluded from pathlen counting,
+     resulting in some valid X.509 being incorrectly rejected. Found and fix
+     provided by Janos Follath. #319
    * Fix failures in MPI on Sparc(64) due to use of bad assembly code.
      Found by Kurt Danielson. #292