From 03238d51586f6b3c0bdbb1a23cf16799344d6c32 Mon Sep 17 00:00:00 2001 From: Thomas Wolf Date: Tue, 15 Nov 2022 23:43:04 +0100 Subject: [PATCH] Mention CVE-2022-45047 fixed --- docs/changes/2.9.2.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/changes/2.9.2.md b/docs/changes/2.9.2.md index 5f2d15224..a23163188 100644 --- a/docs/changes/2.9.2.md +++ b/docs/changes/2.9.2.md @@ -2,6 +2,9 @@ ## Bug fixes +* [CVE-2022-45047](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047) Unsafe deserialization in `org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider` + + * [SSHD-1173](https://issues.apache.org/jira/browse/SSHD-1173) Not fully using up a channel window may lead to hangs (see [Channel windows](#channelwindows0) below) * [SSHD-1287](https://issues.apache.org/jira/browse/SSHD-1287) SFTP: reading with buffers larger than 126kB leads to data corruption * [SSHD-1293](https://issues.apache.org/jira/browse/SSHD-1293) ExplicitPortForwardingTracker does not unbind auto-allocated port @@ -11,6 +14,7 @@ * [SSHD-1303](https://issues.apache.org/jira/browse/SSHD-1303) Reading from redirected Channel.getInvertedErr() delivers stdout; should be at EOF * [SSHD-1307](https://issues.apache.org/jira/browse/SSHD-1307) [NIO2] TCP/IP port forwarding: shut down output stream only after pending writes have been written + * [GH-263](https://github.com/apache/mina-sshd/issues/263) Race condition in BufferedIoOutputStream * [GH-266](https://github.com/apache/mina-sshd/issues/266) ChannelPipedOutputStream.flush() must be a no-op
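Review bot: In the first hunk (`@@ -2,6 +2,9 @@`), the new CVE-2022-45047 bullet links to `http://cve.mitre.org/...` over plain HTTP, while every other link in this list uses `https://`; please switch the advisory link to `https://` as well. The entry names only the affected class, `org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider`, so a reader of the release notes cannot tell from it under what conditions they are exposed or whether upgrading is the whole remedy. A short sentence on that, or a pointer to an issue as the SSHD-* and GH-* entries have, would make the note actionable. The bullet is also followed by two added blank lines where one is enough to set it apart from the SSHD-1173 entry.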
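Review bot: In the second hunk (`@@ -11,6 +14,7 @@`), the only change is a blank line added between the SSHD-1307 and GH-263 bullets, which is unrelated to the subject "Mention CVE-2022-45047 fixed". If the intent is to separate the SSHD-* entries from the GH-* entries visually, say so in the commit message or move it to its own formatting commit so that the security-relevant change stays easy to pick out in the history. Otherwise drop the line.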