From bd5ac019cee0aafb0af6e66d264a872b8501a167 Mon Sep 17 00:00:00 2001
From: SomberNight <somber.night@protonmail.com>
Date: Tue, 28 Apr 2026 17:07:00 +0000
Subject: [PATCH] release notes: 4.7.2: add links to security disclosures

---
 RELEASE-NOTES | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 7219681db..710ac1aae 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,4 +1,9 @@
 # Release 4.7.2 (April 1, 2026)
+ * security fixes and disclosures:
+   - (sev-medium) External Plugin authorization bypass: local code execution
+     - see https://github.com/spesmilo/electrum/security/advisories/GHSA-vw94-r84p-66qf
+   - (sev-low) Nostr Wallet Connect plugin: daily spending limit bypass
+     - see https://github.com/spesmilo/electrum/security/advisories/GHSA-q7m2-785w-r585
  * General:
    - changed: set restrictive unix umask (0077) application-wide by default (#10547)
    - fix: failing assert for wallets with old (2023) still unpaid LN payment requests (#10502)