diff --git a/CHANGELOG.md b/CHANGELOG.md
index b372df6af..351896912 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 ## Unreleased
 
 #### Merged Pull Requests
+- Explicitly pin openssl to 1.0.2zi to avoid a CVE - inspec-4 [#6823](https://github.com/inspec/inspec/pull/6823) ([clintoncwolfe](https://github.com/clintoncwolfe))
 - Backport #6815 - Pin Thor to < 1.3.0 [#6818](https://github.com/inspec/inspec/pull/6818) ([Vasu1105](https://github.com/Vasu1105))
 - Bump omnibus-software from `b3d89a4` to `4fef367` in /omnibus [#6804](https://github.com/inspec/inspec/pull/6804) ([dependabot[bot]](https://github.com/dependabot[bot]))
 - CHEF-7151: Configures SonarQube and coverage pipeline on inspec-4 [#6800](https://github.com/inspec/inspec/pull/6800) ([Vasu1105](https://github.com/Vasu1105))
@@ -13,6 +14,7 @@
 ### Changes since 4.56.20 release
 
 #### Merged Pull Requests
+- Explicitly pin openssl to 1.0.2zi to avoid a CVE - inspec-4 [#6823](https://github.com/inspec/inspec/pull/6823) ([clintoncwolfe](https://github.com/clintoncwolfe)) <!-- 4.56.57 -->
 - Backport #6815 - Pin Thor to &lt; 1.3.0 [#6818](https://github.com/inspec/inspec/pull/6818) ([Vasu1105](https://github.com/Vasu1105)) <!-- 4.56.57 -->
 - Bump omnibus-software from `b3d89a4` to `4fef367` in /omnibus [#6804](https://github.com/inspec/inspec/pull/6804) ([dependabot[bot]](https://github.com/dependabot[bot])) <!-- 4.56.57 -->
 - CHEF-7151: Configures SonarQube and coverage pipeline on inspec-4 [#6800](https://github.com/inspec/inspec/pull/6800) ([Vasu1105](https://github.com/Vasu1105)) <!-- 4.56.57 -->