diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f3107f95..f9260459a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -323,6 +323,41 @@ Thanks to all contributors: * Code quality fixes * Small documentation fixes +## 2.11.10 (2021-07-15) + +Version 2.11.10 fixes two security vulnerabilities that may lead to privilege +escalation for authenticated API users. Other improvements include several +bugfixes related to downtimes, downtime notifications, and more reliable +connection handling. + +### Security + +* Don't expose the PKI ticket salt via the API. This may lead to privilege + escalation for authenticated API users by them being able to request + certificates for other identities (CVE-2021-32739) +* Don't expose IdoMysqlConnection, IdoPgsqlConnection, and ElasticsearchWriter + passwords via the API (CVE-2021-32743) +* Windows: Update bundled OpenSSL to version 1.1.1k #8888 + +Depending on your setup, manual intervention beyond installing the new versions +may be required, so please read the more detailed information in the +[release blog post](https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/) +carefully. + +### Bugfixes + +* Don't send downtime end notification if downtime hasn't started #8878 +* Don't let a failed downtime creation block the others #8871 +* Support downtimes and comments for checkables with long names #8870 +* Trigger fixed downtimes immediately if the current time matches + (instead of waiting for the timer) #8891 +* Add configurable timeout for full connection handshake #8872 + +### Enhancements + +* Replace existing downtimes on ScheduledDowntime change #8880 +* Improve crashlog #8869 + ## 2.11.9 (2021-05-27) Version 2.11.9 is a maintenance release that fixes some crashes, improves error handling
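Review bot: In the Security section of the new 2.11.10 entry, the paragraph starting "Depending on your setup, manual intervention beyond installing the new versions may be required" defers entirely to the external blog post, so someone reading only the packaged CHANGELOG.md cannot tell what to do after upgrading. Both CVE bullets concern secrets that were readable through the API (the PKI ticket salt, and the IdoMysqlConnection, IdoPgsqlConnection and ElasticsearchWriter passwords), so I suggest stating in one line here whether those values need to be rotated after the upgrade, and keeping the link for the details. Two smaller points in the same section: the intro says two vulnerabilities are fixed while the Security list has three bullets, so the OpenSSL 1.1.1k item could be marked as a dependency update, and the two CVE bullets are the only entries in the hunk without an issue or PR reference.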