From c991212da063879dce273859b5864a250e8de059 Mon Sep 17 00:00:00 2001 From: Uwe Schindler Date: Mon, 30 Sep 2024 17:26:09 +0200 Subject: [PATCH] Add changes entries for CVE-2024-45772 and related commits --- lucene/CHANGES.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lucene/CHANGES.txt b/lucene/CHANGES.txt index abcad073a73..bf7b99b159f 100644 --- a/lucene/CHANGES.txt +++ b/lucene/CHANGES.txt @@ -318,6 +318,12 @@ Build ======================== Lucene 9.12.0 ======================= +Security Fixes +--------------------- + +* Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator - CVE-2024-45772 + (Summ3r from Vidar-Team, Robert Muir, Paul Irwin) + API Changes --------------------- @@ -510,6 +516,8 @@ Other * GITHUB#13720: Add float comparison based on unit of least precision and use it to stop test failures caused by float summation not being associative in IEEE 754. (Alex Herbert, Stefan Vodita) +* Remove code triggering forbidden-apis regarding Java serialization. (Uwe Schindler, Robert Muir) + ======================== Lucene 9.11.1 ======================= Bug Fixes
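Review bot: In the first hunk (@@ -318,6 +318,12 @@, under Lucene 9.12.0), the new Security Fixes entry names the weakness class and the Replicator module but not what the fix changed or what a user of the replicator has to do, so a reader of CHANGES.txt cannot judge exposure without looking up CVE-2024-45772 elsewhere. Consider adding one clause that describes the behaviour change, plus a tracking reference in the form this file already uses (for example the `GITHUB#13720:` prefix visible in the second hunk's context).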
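Review bot: In the second hunk (@@ -510,6 +516,8 @@, section Other), the entry `* Remove code triggering forbidden-apis regarding Java serialization.` has no issue or PR reference, unlike the `GITHUB#13720:` entry directly above it, and it does not name the module the code was removed from. The commit subject presents this as related to CVE-2024-45772, so either state that link in the entry or name the affected module. Otherwise the cleanup filed under Other cannot be traced back to the item listed under Security Fixes.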