diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1761f8aa6546d0..cdd39780faeb94 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -107,7 +107,8 @@ release.
0.12.0
-0.10.47
+0.10.48
+>0.10.47
0.10.46
0.10.45
0.10.44
diff --git a/doc/changelogs/CHANGELOG_V010.md b/doc/changelogs/CHANGELOG_V010.md
index 3133a3b60efa36..ae701ef5623974 100644
--- a/doc/changelogs/CHANGELOG_V010.md
+++ b/doc/changelogs/CHANGELOG_V010.md
@@ -6,6 +6,7 @@
|
+0.10.48
0.10.47
0.10.46
0.10.45
@@ -72,6 +73,21 @@
[Node.js Long Term Support Plan](https://github.com/nodejs/LTS) and
will be maintained until October 2016.
+
+## 2016-10-18, Version 0.10.48 (Maintenance), @rvagg
+
+This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities.
+
+### Notable changes
+
+* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Rod Vagg)
+
+### Commits
+
+* [a14a6a3a11] - deps: c-ares, avoid single-byte buffer overwrite (Rod Vagg) https://github.com/nodejs/node/pull/9108
+* [b798f598af] - tls: fix minor jslint failure (Rod Vagg) https://github.com/nodejs/node/pull/9107
+* [92b232ba01] - win,build: try multiple timeservers when signing (Rod Vagg) https://github.com/nodejs/node/pull/9155
+
## 2016-09-27, Version 0.10.47 (Maintenance), @rvagg
|