From 7a69d5c241ddb4851fe8ba4c170cfd8f26f6d18e Mon Sep 17 00:00:00 2001
From: Erik Grinaker <erik@interchain.berlin>
Date: Thu, 13 Aug 2020 15:06:33 +0200
Subject: [PATCH] changelog: add v0.33.8 from release (#5242)

Wasn't added when the release was made, so adding now.
---
 CHANGELOG.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e31f9fea..89bd5010b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,7 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 - [node] [\#5211](https://github.com/tendermint/tendermint/issues/5211) Don't attempt fast sync when the ABCI application specifies ourself as the only validator via `InitChain` (@erikgrinaker)
 - [libs/rand] [\#5215](https://github.com/tendermint/tendermint/pull/5215) Fix out-of-memory error on unexpected argument of Str() (@SadPencil)
 
+
 ## v0.34.0-rc2
 
 *July 30, 2020*
@@ -180,6 +181,15 @@ Friendly reminder, we have a [bug bounty program](https://hackerone.com/tendermi
 
 This release was removed, as a premature GitHub tag was recorded on sum.golang.org causing checksum errors.
 
+## v0.33.8
+
+*August 11, 2020*
+
+## Go security update
+
+Go reported a security vulnerability that affected the `encoding/binary` package. The most recent binary for tendermint is using 1.14.6, for this
+reason the Tendermint engineering team has opted to conduct a release to aid users in using the correct version of Go. Read more about the security issue [here](https://github.com/golang/go/issues/40618).
+
 
 ## v0.33.7