diff --git a/doc/src/sgml/release-14.sgml b/doc/src/sgml/release-14.sgml
index b009e51f97..acc374d6c5 100644
--- a/doc/src/sgml/release-14.sgml
+++ b/doc/src/sgml/release-14.sgml
@@ -35,6 +35,76 @@
+
+ Prevent CREATE SCHEMA from defeating changes
+ in search_path (Alexander Lakhin)
+
+
+
+ Within a CREATE SCHEMA command, objects in the
+ prevailing search_path, as well as those in the
+ newly-created schema, would be visible even within a called
+ function or script that attempted to set a
+ secure search_path. This could allow any user
+ having permission to create a schema to hijack the privileges of a
+ security definer function or extension script.
+
+
+
+ The PostgreSQL Project thanks
+ Alexander Lakhin for reporting this problem.
+ (CVE-2023-2454)
+
+
+
+
+
+
+ Enforce row-level security policies correctly after inlining a
+ set-returning function (Stephen Frost, Tom Lane)
+
+
+
+ If a set-returning SQL-language function refers to a table having
+ row-level security policies, and it can be inlined into a calling
+ query, those RLS policies would not get enforced properly in some
+ cases involving re-using a cached plan under a different role.
+ This could allow a user to see or modify rows that should have been
+ invisible.
+
+
+
+ The PostgreSQL Project thanks
+ Wolfgang Walther for reporting this problem.
+ (CVE-2023-2455)
+
+
+
+
+