From 524ea208c870861a719f21b1ea48943c8b7520da Mon Sep 17 00:00:00 2001 From: Uwe Schindler Date: Mon, 30 Sep 2024 17:26:09 +0200 Subject: [PATCH] Add changes entries for CVE-2024-45772 and related commits --- lucene/CHANGES.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lucene/CHANGES.txt b/lucene/CHANGES.txt index 15ee38cdca1..15a0dee014f 100644 --- a/lucene/CHANGES.txt +++ b/lucene/CHANGES.txt @@ -296,6 +296,12 @@ Build ======================== Lucene 9.12.0 ======================= +Security Fixes +--------------------- + +* Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator - CVE-2024-45772 + (Summ3r from Vidar-Team, Robert Muir, Paul Irwin) + API Changes --------------------- @@ -488,6 +494,8 @@ Other * GITHUB#13720: Add float comparison based on unit of least precision and use it to stop test failures caused by float summation not being associative in IEEE 754. (Alex Herbert, Stefan Vodita) +* Remove code triggering forbidden-apis regarding Java serialization. (Uwe Schindler, Robert Muir) + ======================== Lucene 9.11.1 ======================= Bug Fixes
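Review bot: In the first hunk (@@ -296,6 +296,12 @@, the new "Security Fixes" block under Lucene 9.12.0), the entry names the weakness, the module and the CVE id but does not say what the fix changed or what a user has to do. From `* Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator - CVE-2024-45772` alone, a reader cannot tell whether upgrading is sufficient or whether any Replicator behaviour or API was altered. Suggest adding a short clause describing the fix, and, if callers are affected, a matching entry under "API Changes" in the same release section.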
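Review bot: In the second hunk (@@ -488,6 +494,8 @@, the "Other" list), the added entry `* Remove code triggering forbidden-apis regarding Java serialization.` carries no issue or PR reference, unlike the `GITHUB#13720` entry directly above it, and does not mention CVE-2024-45772 even though the commit subject presents it as a related commit. Suggest adding the GITHUB# reference for the cleanup and a short cross-reference to the "Security Fixes" entry, so that someone auditing the release can connect the serialization cleanup to the CVE.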