changelog: add link to security advisory for v0.27.1 (#1633)

backport-actions-token[bot] · kenjenkins · ZPain8464 · web-flow · commit ce331513d6e0 · 2024-10-08T09:56:05.000-04:00
changelog: add link to security advisory for v0.27.1 (#1631) Co-authored-by: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com> Co-authored-by: zachary painter <60552605+ZPain8464@users.noreply.github.com>
diff --git a/content/docs/core/changelog.mdx b/content/docs/core/changelog.mdx
@@ -21,6 +21,8 @@ Please refer to the [upgrade guide](/docs/core/upgrading) before upgrading.
 
 [Full Changelog](https://github.com/pomerium/pomerium/compare/v0.27.0...v0.27.1)
 
+Pomerium v0.27.1 includes a fix to the databroker service API authorization logic. Certain service account tokens from Pomerium Zero or Pomerium Enterprise could grant unintended authorization to the databroker service API. See the [CVE-2024-47616](https://github.com/pomerium/pomerium/security/advisories/GHSA-r7rh-jww5-5fjr) for more information.
+
 ### Security
 
 - Additional validation checks for gRPC API authorization. This update resolves a security vulnerability that we believe affects only certain Pomerium Enterprise and Pomerium Zero deployments.
