f Add security contents to CHANGELOG entry for 0.0.109

Author: TheBlueMatt

CHANGELOG.md

@@ -43,6 +43,18 @@
    serializing `ChannelConfig` using the LDK serialization API, however, if a
    backward compatibility wrapper is required, please open an issue.
 
+## Security
+0.0.109 fixes a denial-of-service vulnerability which is reachable from
+untrusted input in some application deployments.
+
+ * Third parties which are allowed to open channels with an LDK-based node may
+   fund a channel with a bogus and maliciously-crafted transaction which, when
+   spent, can cause a panic in the channel's corresponding `ChannelMonitor`.
+   Such a channel is never usable as it cannot be funded with a funding
+   transaction which matches the required output script, allowing the
+   `ChannelMonitor` for such channels to be safely purged as a workaround on
+   previous versions of LDK. Thanks to Eugene Siegel for reporting this issue.
+
 In total, this release features 32 files changed, 1868 insertions, 520
 deletions in 32 commits from 9 authors, in alphabetical order:
  * Antoine Riard