Add a ChangeLog entry for session serialisation

ChangeLog

@@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS 2.x.x branch released xxxx-xx-xx
 
+Security
+   * Make mbedtls_ecdh_get_params return an error if the second key
+     belongs to a different group from the first. Before, if an application
+     passed keys that belonged to different group, the first key's data was
+     interpreted according to the second group, which could lead to either
+     an error or a meaningless output from mbedtls_ecdh_get_params. In the
+     latter case, this could expose at most 5 bits of the private key.
+
 Features
    * Add support for draft-05 of the Connection ID extension, as specified
      in https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05.
@@ -12,14 +20,10 @@ Features
      changed its IP or port. The feature is enabled at compile-time by setting
      MBEDTLS_SSL_DTLS_CONNECTION_ID (disabled by default), and at run-time
      through the new APIs mbedtls_ssl_conf_cid() and mbedtls_ssl_set_cid().
-
+   * Add new API functions mbedtls_ssl_session_save() and
-Security
+     mbedtls_ssl_session_load() to allow serialising a session, for example to
-   * Make mbedtls_ecdh_get_params return an error if the second key
+     store it in non-volatile storage, and later using it for TLS session
-     belongs to a different group from the first. Before, if an application
+     resumption.
-     passed keys that belonged to different group, the first key's data was
-     interpreted according to the second group, which could lead to either
-     an error or a meaningless output from mbedtls_ecdh_get_params. In the
-     latter case, this could expose at most 5 bits of the private key.
 
 Bugfix
    * Server's RSA certificate in certs.c was SHA-1 signed. In the default