diff --git a/ChangeLog b/ChangeLog
index 593e7519a..f440011e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,7 +2,15 @@ mbed TLS ChangeLog (Sorted per branch, date)
 
 = mbed TLS 1.3.15 released 2015-10-xx
 
+Security
+   * The X509 max_pathlen constraint was not enforced on intermediate
+     certificates. Found by Nicholas Wilson, fix and tests provided by
+     Janos Follath. #280 and #319
+
 Bugfix
+   * Self-signed certificates were not excluded from pathlen counting,
+     resulting in some valid X.509 being incorrectly rejected. Found and fix
+     provided by Janos Follath. #319
    * Fix bug causing some handshakes to fail due to some non-fatal alerts not
      begin properly ignored. Found by mancha and Kasom Koht-arsa, #308
    * Fix build error with configurations where ECDHE-PSK is the only key