From 4151910c738f1feae681311cde7a581cf3c4727f Mon Sep 17 00:00:00 2001
From: deckhouse-BOaTswain
 <89150800+deckhouse-BOaTswain@users.noreply.github.com>
Date: Tue, 21 Apr 2026 16:01:06 +0300
Subject: [PATCH] Changelog v1.6.3 (#2241)

Signed-off-by: deckhouse-BOaTswain <89150800+deckhouse-boatswain@users.noreply.github.com>
Co-authored-by: nevermarine <nevermarine@users.noreply.github.com>
---
 CHANGELOG/CHANGELOG-v1.6.3.yml |  2 ++
 CHANGELOG/CHANGELOG-v1.6.md    | 16 ++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 CHANGELOG/CHANGELOG-v1.6.3.yml

diff --git a/CHANGELOG/CHANGELOG-v1.6.3.yml b/CHANGELOG/CHANGELOG-v1.6.3.yml
new file mode 100644
index 0000000000..311847daa5
--- /dev/null
+++ b/CHANGELOG/CHANGELOG-v1.6.3.yml
@@ -0,0 +1,2 @@
+{}
+
diff --git a/CHANGELOG/CHANGELOG-v1.6.md b/CHANGELOG/CHANGELOG-v1.6.md
index 70659ca4c1..dfbf3b25a7 100644
--- a/CHANGELOG/CHANGELOG-v1.6.md
+++ b/CHANGELOG/CHANGELOG-v1.6.md
@@ -28,5 +28,21 @@
 ## Chore
 
 
+ - **[core]** Fixed vulnerabilities:
+    - CVE-2026-32283
+    - CVE-2026-27139
+    - CVE-2026-32289
+    - CVE-2026-32288
+    - CVE-2026-32281
+    - CVE-2026-27142
+    - CVE-2026-33997
+    - CVE-2026-33726
+    - CVE-2026-32282
+    - CVE-2026-32280
+    - CVE-2026-25679
+    - CVE-2026-34040
+    - CVE-2026-34986
+    - CVE-2026-39883
+    - CVE-2026-33186 [#2218](https://github.com/deckhouse/virtualization/pull/2218)
  - **[vm]** Added the `--from-file` flag to the `vlctl` utility for viewing domain information from a local libvirt XML file. [#2014](https://github.com/deckhouse/virtualization/pull/2014)