From 580d9ba1568adcf93b4737c4fc3b6efe5b2a2ebf Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Sun, 14 Jul 2019 19:28:20 -0400
Subject: [PATCH] update changelog

---
 CHANGELOG.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e90a65db..6ace022f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,21 @@
 # Changelog
 All notable changes to Oragono will be documented in this file.
 
+## [1.1.1] - 2019-07-15
+Oragono 1.1.1 is a bugfix release for flaws in message handling, including one with security implications.
+
+Many thanks to [@streaps](https://github.com/streaps) for reporting issues.
+
+### Upgrade notes
+
+This release does not change the database or configuration file format.
+
+### Security
+* Previous releases of Oragono would incorrectly relay chat messages containing the `\r` byte. An attacker could use this to spoof protocol messages from the server (depending on the implementation of the victim's client). This has been fixed.
+
+### Fixed
+* Fixed incorrect rejection of messages with multiple spaces (#602, thanks [@streaps](https://github.com/streaps)!)
+
 ## [1.1.0] - 2019-06-27
 We're pleased to announce Oragono version 1.1.0. This version has a number of exciting improvements, including: