diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 0e6814d394..844254bf22 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -107,6 +107,7 @@
 		<li>[Change] Performance increase for get_username_string() (Bug #37545 - Patch by BartVB)</li>
 		<li>[Change] Slight performance increase for common parameter calls to append_sid() (Bug #37555 - Patch by BartVB)</li>
 		<li>[Feature] Added 'AGO' setting to relative date strings. For example: posted 14 minutes ago. (Patch by BartVB)</li>
+		<li>[Sec] Fixed an issue where deactivated accounts could be re-activated without the required privileges.(Thanks Jorick)</li>
 	</ul>
 
 	<a name="v302"></a><h3>1.ii. Changes since 3.0.2</h3>
@@ -192,6 +193,7 @@
 		<li>[Change] MCP topic view checkboxes now default to unchecked.</li>
 		<li>[Change] Adjust language key <em>SPLIT_AFTER</em> to make the action clearer.</li>
 		<li>[Change] Add links to the post and forum when viewing a report from the MCP. (Bugs #33795, #33805)</li>
+		<li>[Change] Added CSRF protection to GET-only actions like marking forums.</li>
 		<li>[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)</li>
 
 		<li>[Feature] Allow limited inheritance for template sets.</li>