diff --git a/changelog.d/c2s-update-authorization.security b/changelog.d/c2s-update-authorization.security
new file mode 100644
index 000000000..0fe7d97c9
--- /dev/null
+++ b/changelog.d/c2s-update-authorization.security
@@ -0,0 +1 @@
+Fix authorization checks for C2S Update activities to prevent unauthorized modifications of other users' content.
\ No newline at end of file
diff --git a/changelog.d/cross-domain-redirect-check.security b/changelog.d/cross-domain-redirect-check.security
new file mode 100644
index 000000000..9201de794
--- /dev/null
+++ b/changelog.d/cross-domain-redirect-check.security
@@ -0,0 +1 @@
+Reject cross-domain redirects when fetching ActivityPub objects to prevent bypassing domain-based security controls.
\ No newline at end of file
diff --git a/changelog.d/emoji-shortcode-validation.security b/changelog.d/emoji-shortcode-validation.security
new file mode 100644
index 000000000..5a7d39279
--- /dev/null
+++ b/changelog.d/emoji-shortcode-validation.security
@@ -0,0 +1 @@
+Limit emoji shortcodes to alphanumeric, dash, or underscore characters to prevent potential abuse.
\ No newline at end of file
diff --git a/changelog.d/local-fetch-prevention.security b/changelog.d/local-fetch-prevention.security
index f72342316..e012abcd5 100644
--- a/changelog.d/local-fetch-prevention.security
+++ b/changelog.d/local-fetch-prevention.security
@@ -1 +1 @@
-Security: Block attempts to fetch activities from the local instance to prevent spoofing.
\ No newline at end of file
+Block attempts to fetch activities from the local instance to prevent spoofing.
\ No newline at end of file
diff --git a/changelog.d/media-proxy-sanitize.security b/changelog.d/media-proxy-sanitize.security
new file mode 100644
index 000000000..b94348ea7
--- /dev/null
+++ b/changelog.d/media-proxy-sanitize.security
@@ -0,0 +1 @@
+Sanitize Content-Type headers in media proxy to prevent serving malicious ActivityPub content through proxied media.
\ No newline at end of file
diff --git a/changelog.d/object-fetcher-content-type.security b/changelog.d/object-fetcher-content-type.security
new file mode 100644
index 000000000..2ef4aefe7
--- /dev/null
+++ b/changelog.d/object-fetcher-content-type.security
@@ -0,0 +1 @@
+Validate Content-Type headers when fetching remote ActivityPub objects to prevent spoofing attacks.
\ No newline at end of file