From a21ad8882891a4af7688bb1abe369178d154ee22 Mon Sep 17 00:00:00 2001 From: Marc Jansing Date: Wed, 18 Jan 2023 08:16:27 +0100 Subject: [PATCH] docs(changelog): add note about maxHttpBufferSize default value (#4596) Reference: https://github.com/socketio/socket.io/releases/tag/2.5.0 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78bb5fa5c7..bd19e2c155 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -88,6 +88,12 @@ This release contains a bump of: # [2.5.0](https://github.com/socketio/socket.io/compare/2.4.1...2.5.0) (2022-06-26) +⚠️ WARNING ⚠️ + +The default value of the maxHttpBufferSize option has been decreased from 100 MB to 1 MB, in order to prevent attacks by denial of service. + +Security advisory: [GHSA-j4f2-536g-r55m](https://github.com/advisories/GHSA-j4f2-536g-r55m) + ### Bug Fixes
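Review bot: The warning added under the 2.5.0 heading in CHANGELOG.md states the new default (100 MB down to 1 MB) but gives upgraders nothing to act on. It does not say what to do if an application legitimately sends messages larger than 1 MB. Consider adding one sentence saying that `maxHttpBufferSize` can be set explicitly in the server options when larger payloads are required, and that the value should stay as low as the application allows, since the limit is what mitigates the advisory. Wording nit on the same line: "in order to prevent attacks by denial of service" reads more naturally as "to prevent denial of service attacks". The subject line also says "add note about maxHttpBufferSize default value" while the body only links the release tag; a short body sentence naming GHSA-j4f2-536g-r55m would make the commit searchable by advisory id.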