From 17d1ac92d71280b4ba6f4baeedde90c2cea55043 Mon Sep 17 00:00:00 2001 From: Jongsun Suh Date: Tue, 20 Aug 2024 11:14:35 -0400 Subject: [PATCH] Add changelog entries for `#318` (#327) --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e45bcd5..927bb61b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Bump `@metamask/rpc-errors` from `^6.0.0` to `^6.3.1` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323)) - Bump `@metamask/utils` from `^8.1.0` to `^9.1.0` ([#323](https://github.com/MetaMask/eth-json-rpc-middleware/pull/323)) +### Security +- **BREAKING:** Typed signature validation only replaces `0X` prefix with `0x`, and contract address normalization is removed for decimal and octal values ([#318](https://github.com/MetaMask/eth-json-rpc-middleware/pull/318)) + - Threat actors have been manipulating `eth_signTypedData_v4` fields to cause failures in blockaid's detectors. + - Extension crashes with an error when performing Malicious permit with a non-0x prefixed integer address. + - This fixes an issue where the key value row or petname component disappears if a signed address is prefixed by "0X" instead of "0x". + ## [13.0.0] ### Changed - **BREAKING**: Drop support for Node.js v16; add support for Node.js v20, v22 ([#312](https://github.com/MetaMask/eth-json-rpc-middleware/pull/312))
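Review bot: In the new `### Security` entry, the second sub-bullet ("Extension crashes with an error when performing Malicious permit with a non-0x prefixed integer address.") is written in the present tense, so a reader cannot tell whether it describes a bug that #318 fixes or a consequence of the breaking change. The third sub-bullet says "This fixes an issue where ...", and the second should be phrased the same way if it is also a fix. The top-level line says contract address normalization "is removed for decimal and octal values" without stating what consumers will now observe for such values (rejected, or passed through unchanged), which a breaking entry should spell out. Minor style point: the marker is written `**BREAKING:**` here but `**BREAKING**:` in the 13.0.0 entry visible in the trailing context, so one form should be used throughout.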