diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 00a0325eee..2cf3affa0a 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -45,6 +45,12 @@ Changelog * Fix: Invalid focal_point attribute on image edit view (MichaƂ (Quadric) Sieradzki) +2.8.1 (14.04.2020) +~~~~~~~~~~~~~~~~~~ + + * Fix: CVE-2020-11001 - prevent XSS attack via page revision comparison view (Vlad Gerasimenko, Matt Westcott) + + 2.8 (03.02.2020) ~~~~~~~~~~~~~~~~ diff --git a/docs/releases/2.8.1.rst b/docs/releases/2.8.1.rst new file mode 100644 index 0000000000..b295ff7378 --- /dev/null +++ b/docs/releases/2.8.1.rst @@ -0,0 +1,10 @@ +=========================== +Wagtail 2.8.1 release notes +=========================== + +CVE-2020-11001: Possible XSS attack via page revision comparison view +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +This release addresses a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. + +Many thanks to Vlad Gerasimenko for reporting this issue. diff --git a/docs/releases/index.rst b/docs/releases/index.rst index 3eb3445738..41a9a358c4 100644 --- a/docs/releases/index.rst +++ b/docs/releases/index.rst @@ -6,6 +6,7 @@ Release notes upgrading 2.9 + 2.8.1 2.8 2.7.2 2.7.1
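Review bot: The CHANGELOG hunk dates 2.8.1 as 14.04.2020 and credits both Vlad Gerasimenko and Matt Westcott, but the new docs/releases/2.8.1.rst carries neither a date nor the fixer's name, so the two records of the same release disagree on who did what and when; add the release date to the .rst heading block (or its first paragraph) and keep the credit line consistent with the changelog ("Fix: CVE-2020-11001 - prevent XSS attack via page revision comparison view (Vlad Gerasimenko, Matt Westcott)"), distinguishing the reporter from the fix author if that is the intended split.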
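Review bot: The new docs/releases/2.8.1.rst describes the impact of CVE-2020-11001 but never states which releases are affected or which releases contain the fix, which is the first thing an operator reading an advisory needs; the index hunk lists 2.8.1 directly beneath 2.9, so readers on the 2.9 line are left guessing whether they are covered. Add a sentence naming the affected versions and stating explicitly that 2.8.1 (and, if true, the 2.9 line) contains the fix, and consider stating what the fix does (escaping the compared revision content on the comparison view) so site owners can judge whether other custom views that render revision diffs need the same treatment. The "could perform actions with that user's credentials" wording is also weaker than what the vulnerability class implies; "execute arbitrary script in the context of the higher-privileged user's admin session" describes the exposure more precisely.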