diff --git a/CHANGELOG.md b/CHANGELOG.md
index f9c73f4d068..77a5c0c4d41 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ The following sections list the changes for unreleased.
 * Bugfix - CSP rules for silent token refresh in iframe: [#4031](https://github.com/owncloud/ocis/pull/4031)
 * Bugfix - Remove unused configuration options: [#3973](https://github.com/owncloud/ocis/pull/3973)
 * Bugfix - Remove static ocs user backend config: [#4077](https://github.com/owncloud/ocis/pull/4077)
+* Bugfix - Fix make sensitive config values in the proxy's debug server: [#4086](https://github.com/owncloud/ocis/pull/4086)
 * Bugfix - Store user passwords hashed in idm: [#3778](https://github.com/owncloud/ocis/issues/3778)
 * Enhancement - Add capability for alias links: [#3983](https://github.com/owncloud/ocis/issues/3983)
 * Enhancement - Refactor extensions to services: [#3980](https://github.com/owncloud/ocis/pull/3980)
@@ -45,6 +46,13 @@ The following sections list the changes for unreleased.
 
    https://github.com/owncloud/ocis/pull/4077
 
+* Bugfix - Fix make sensitive config values in the proxy's debug server: [#4086](https://github.com/owncloud/ocis/pull/4086)
+
+   We've fixed a security issue of the proxy's debug server config report endpoint. Previously
+   sensitive configuration values haven't been masked. We now mask these values.
+
+   https://github.com/owncloud/ocis/pull/4086
+
 * Bugfix - Store user passwords hashed in idm: [#3778](https://github.com/owncloud/ocis/issues/3778)
 
    Support for hashing user passwords was added to libregraph/idm. The graph API will now set