From 1f8745b2686a25b324e789494071da87adbb7ca9 Mon Sep 17 00:00:00 2001
From: naskya <m@naskya.net>
Date: Tue, 30 Apr 2024 05:51:12 +0900
Subject: [PATCH] docs: update changelog & notice-for-admins.md

---
 docs/changelog.md         |  8 +++++---
 docs/notice-for-admins.md | 21 +++++++++++++++++++++
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/docs/changelog.md b/docs/changelog.md
index c7bb40a03a..1443205f9d 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -5,18 +5,20 @@ Critical security updates are indicated by the :warning: icon.
 - Server administrators should check [notice-for-admins.md](./notice-for-admins.md) as well.
 - Third-party client/bot developers may want to check [api-change.md](./api-change.md) as well.
 
-## Unreleased
+## :warning: Unreleased
 
 - Add ability to group similar notifications
 - Add features to share links to an account in the three dots menu on the profile page
 - Improve server logs
-- Fix bugs
+- Fix bugs (including a critical security issue)
+	- We are very thankful to @tesaguri and Laura Hausmann for helping to fix the security issue.
 
 ## [v20240424](https://firefish.dev/firefish/firefish/-/merge_requests/10765/commits)
 
 - Improve the usability of the feature to prevent forgetting to write alt texts
 - Add a server-wide setting for the maximum number of antennas each user can create
-- Fix bugs
+- Fix bugs (including a medium sevirity security issue)
+	- We are very thankful to @mei23 for kindly sharing the information about the security issue.
 
 ## [v20240421](https://firefish.dev/firefish/firefish/-/merge_requests/10756/commits)
 
diff --git a/docs/notice-for-admins.md b/docs/notice-for-admins.md
index a27f4e6c2f..892e05c8ec 100644
--- a/docs/notice-for-admins.md
+++ b/docs/notice-for-admins.md
@@ -8,6 +8,27 @@ You can skip intermediate versions when upgrading from an old version, but pleas
 
 You can control the verbosity of the server log by adding `maxLogLevel` in `.config/default.yml`. `logLevels` has been deprecated in favor of this setting. (see also: <https://firefish.dev/firefish/firefish/-/blob/eac0c1c47cd23789dcc395ab08b074934409fd96/.config/example.yml#L152>)
 
+### For systemd/pm2 users
+
+Not only Firefish but also Node.js has recently fixed a few security issues:
+
+- https://nodejs.org/en/blog/vulnerability/april-2024-security-releases
+- https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2
+
+So, it is highly recommended that you upgrade your Node.js version as well. The new versions are
+
+- Node v18.20.2 (v18.x LTS)
+- Node v20.12.2 (v20.x LTS)
+- Node v21.7.3 (v21.x)
+
+You can check your Node.js version by this command:
+
+```sh
+node --version
+```
+
+[Node v22](https://nodejs.org/en/blog/announcements/v22-release-announce) was also released several days ago, but we have not yet tested Firefish with this version.
+
 ## v20240413
 
 ### For all users