diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43fff4dda..949fc32f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,12 +12,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - fixed some holes in SigningKey verification potentially allowing they key-user mapping to be poisoned
 - frontend ZIP files can no longer traverse to paths outside their install dir
 - fixed user updates trying but failing to renew signing key information
+- fixed signing key refresh on key rotation
 
 ## Changed
 - Dropped obsolete `ap_enabled` indicator from user table and associated buggy logic
 - The remote user count in prometheus metrics is now an estimate instead of an exact number
   since the latter proved unreasonably costly to obtain for a merely nice-to-have statistic
 - Various other tweaks improving stat query performance and avoiding unecessary work on received AP documents
+- HTTP signatures now test the most likely request-target alias first cutting down on overhead
 
 ## 2025.01.01