diff --git a/doc/src/sgml/release-13.sgml b/doc/src/sgml/release-13.sgml index ffb1535fc8..e809633ffb 100644 --- a/doc/src/sgml/release-13.sgml +++ b/doc/src/sgml/release-13.sgml @@ -25,7 +25,7 @@ However, note that installations using physical replication should update standby servers before the primary server, as explained in - the first changelog entry below. + the third changelog entry below. @@ -48,6 +48,74 @@ + + Make the server reject extraneous data after an SSL or GSS + encryption handshake (Tom Lane) + + + + A man-in-the-middle with the ability to inject data into the TCP + connection could stuff some cleartext data into the start of a + supposedly encryption-protected database session. + This could be abused to send faked SQL commands to the server, + although that would only work if the server did not demand any + authentication data. (However, a server relying on SSL certificate + authentication might well not do so.) + + + + The PostgreSQL Project thanks + Jacob Champion for reporting this problem. + (CVE-2021-23214) + + + + + + + Make libpq reject extraneous data after + an SSL or GSS encryption handshake (Tom Lane) + + + + A man-in-the-middle with the ability to inject data into the TCP + connection could stuff some cleartext data into the start of a + supposedly encryption-protected database session. + This could probably be abused to inject faked responses to the + client's first few queries, although other details of libpq's + behavior make that harder than it sounds. A different line of + attack is to exfiltrate the client's password, or other sensitive + data that might be sent early in the session. That has been shown + to be possible with a server vulnerable to CVE-2021-23214. + + + + The PostgreSQL Project thanks + Jacob Champion for reporting this problem. + (CVE-2021-23222) + + + + +
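Review bot: In the first hunk (release-13.sgml, line 25), the ordinal cross-reference "the third changelog entry below" is correct only because the second hunk inserts exactly two new entries ahead of the existing first one at line 48; any later reordering or insertion into this list will silently make the sentence point at the wrong entry. Consider replacing the positional wording with a direct reference to the standby-before-primary entry (for example, naming it, or using an id-based cross-reference if the surrounding release notes support one), or at least leave a comment next to the entry noting that the introductory paragraph counts on its position.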
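Review bot: In the second hunk (after line 48), the two new entries for CVE-2021-23214 and CVE-2021-23222 do not state that the server-side and libpq fixes are independent: the libpq entry says password exfiltration "has been shown to be possible with a server vulnerable to CVE-2021-23214", which a reader may take to mean that updating the server alone closes the client-side issue. Add one sentence making clear that clients need the libpq fix regardless of the server version, since the injection happens before the encrypted session starts and libpq is the side that must reject the extra bytes. Also, the added text as shown carries none of the element markup the neighbouring entries use, so please confirm the list-item wrapping around both entries is intact before committing.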