From 8f2d018bcf1f4b8790b2508d2dea816f9c3616fe Mon Sep 17 00:00:00 2001
From: mdecimus <11444311+mdecimus@users.noreply.github.com>
Date: Tue, 17 Feb 2026 08:44:28 +0000
Subject: [PATCH] v0.15.5: Added CVE details

---
 CHANGELOG.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 084b22e4..1cb2c8e4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,14 +12,13 @@ If you are upgrading from v0.15.x, replace the binary and update the webadmin.
 ## Changed
 
 ## Fixed
-- IMAP/JMAP: OOM when `mail-parser` returns cyclical MIME structures.
+- IMAP/JMAP: OOM when `mail-parser` returns cyclical MIME structures [CVE-2026-26312](https://github.com/stalwartlabs/stalwart/security/advisories/GHSA-jm95-876q-c9gw).
 - Tracing: Fix tracing indexing when using separate stores.
 - JMAP: Fix `upToId` computation in `*/queryChanges`.
 - JMAP: Include createdIds when the property is present.
 - JMAP: Respect query arguments in `Email/queryChanges`.
 - JMAP: Return the correct container/item change id when there are no changes.
 
-
 ## [0.15.4] - 2026-01-19
 
 If you are upgrading from v0.14.x and below, this version includes **multiple breaking changes**. Please read the [upgrading documentation](https://github.com/stalwartlabs/stalwart/blob/main/UPGRADING/v0_15.md) for more information on how to upgrade from previous versions.