Include 1.2.12 release information in ChangeLog
diff --git a/ChangeLog b/ChangeLog
index bef1abe..fd83b9e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -427,6 +427,33 @@
    * RSA blinding on CRT operations to counter timing attacks
      (found by Cyril Arnaud and Pierre-Alain Fouque)
 
+= Version 1.2.12 released 2014-10-24
+
+Security
+   * Remotely-triggerable memory leak when parsing some X.509 certificates
+     (server is not affected if it doesn't ask for a client certificate).
+     (Found using Codenomicon Defensics.)
+
+Bugfix
+   * Fix potential bad read in parsing ServerHello (found by Adrien
+     Vialletelle).
+   * ssl_close_notify() could send more than one message in some circumstances
+     with non-blocking I/O.
+   * x509_crt_parse() did not increase total_failed on PEM error
+   * Fix compiler warnings on iOS (found by Sander Niemeijer).
+   * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
+   * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
+   * ssl_read() could return non-application data records on server while
+     renegotation was pending, and on client when a HelloRequest was received.
+   * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
+
+Changes
+   * X.509 certificates with more than one AttributeTypeAndValue per
+     RelativeDistinguishedName are not accepted any more.
+   * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
+     POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
+   * Accept spaces at end of line or end of buffer in base64_decode().
+
 = Version 1.2.11 released 2014-07-11
 Features
    * Entropy module now supports seed writing and reading