From 65f4dde32a9535a935f3e7df5d4ea138d641b340 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Wed, 13 Apr 2022 16:21:50 +0200
Subject: [PATCH] Update changelog

---
 CHANGELOG.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a35e44bcc..decb5b05c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+### [2.3.5] 2022-04-13
+
+  * Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
+  * Added warning when downloading a file with `verify_peer[_name]` disabled (#10722)
+  * Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
+  * Fixed composer.lock file still being used/read when the `lock` config option is disabled (#10726)
+  * Fixed `validate` command checking the lock file even if the `lock` option is disabled (#10723)
+  * Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir (#10701)
+
 ### [2.3.4] 2022-04-07
 
   * Fixed the generated autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on older PHP versions (#10714)
@@ -1491,6 +1500,7 @@
 
   * Initial release
 
+[2.3.5]: https://github.com/composer/composer/compare/2.3.4...2.3.5
 [2.3.4]: https://github.com/composer/composer/compare/2.3.3...2.3.4
 [2.3.3]: https://github.com/composer/composer/compare/2.3.2...2.3.3
 [2.3.2]: https://github.com/composer/composer/compare/2.3.1...2.3.2