diff --git a/releasenotes/notes/Fix-CVE-2024-45337-8e5b84ce0da9566d.yaml b/releasenotes/notes/Fix-CVE-2024-45337-8e5b84ce0da9566d.yaml
new file mode 100644
index 00000000000000..78d7dc7aa5a700
--- /dev/null
+++ b/releasenotes/notes/Fix-CVE-2024-45337-8e5b84ce0da9566d.yaml
@@ -0,0 +1,11 @@
+# Each section from every release note are combined when the
+# CHANGELOG.rst is rendered. So the text needs to be worded so that
+# it does not depend on any information only available in another
+# section. This may mean repeating some details, but each section
+# must be readable independently of the other.
+#
+# Each section note must be formatted as reStructuredText.
+---
+security:
+  - |
+    Update ``golang.org/x/crypto`` to fix CVE-2024-45337.