diff --git a/CHANGES.rst b/CHANGES.rst index 480ebe83c..c05bc66fa 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -4,7 +4,7 @@ unreleased Features -------- -- Add support for Python 3.11 and 3.12. +- Add support for Python 3.12. - Added HTTP 418 error code via `pyramid.httpexceptions.HTTPImATeapot`. See https://github.com/Pylons/pyramid/pull/3667 @@ -31,17 +31,6 @@ Features Bug Fixes --------- -- Removed support for null-bytes in the path when making a request for a file - against a static_view. Whille null-bytes are allowed by the HTTP - specification, due to the handling of null-bytes potentially leading to - security vulnerabilities it is no longer supported. - - This fixes a security vulnerability that is present due to a bug in Python - 3.11.0 through 3.11.4, thereby allowing the unintended disclosure of an - ``index.html`` one directory up from the static views path. - - Thanks to Masashi Yamane of LAC Co., Ltd for reporting this issue. - - Fix issues where permissions may be checked on exception views. This is not supposed to happen in normal circumstances. @@ -62,9 +51,6 @@ Backward Incompatibilities - Drop support for Python 3.6 and 3.7. -- Requests to a static_view are no longer allowed to contain a null-byte in any - part of the path segment. - - Drop support for l*gettext() methods in the i18n module. These have been deprecated in Python's gettext module since 3.8, and removed in Python 3.11.
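Review bot: In the first hunk (@@ -4,7 +4,7 @@), the Features entry drops Python 3.11 and keeps only 3.12, but nothing visible in this diff says where 3.11 support is now recorded. The context lines of the last hunk still refer to behaviour "removed in Python 3.11", so 3.11 remains relevant to readers of this file. Please confirm that an earlier released section of CHANGES.rst already carries the 3.11 entry, or say in the commit message why it is removed from "unreleased".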
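Review bot: The second hunk (@@ -31,17 +31,6 @@) deletes the only visible record of a security fix, including the affected Python range (3.11.0 through 3.11.4), the impact (disclosure of an ``index.html`` one directory up from the static view's path) and the reporter credit, and the diff adds no replacement text anywhere. If this entry has moved to the section for a release that already shipped the fix, please make that explicit in the commit message. Otherwise keep the entry so the advisory detail and the credit to the reporter are not lost. If the text is carried over, the typo "Whille" in the removed lines should be fixed at the same time.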
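Review bot: The third hunk (@@ -62,9 +51,6 @@) removes the Backward Incompatibilities note that requests to a static_view may no longer contain a null byte in the path, which is the behaviour change operators need to see when upgrading. It is paired with the Bug Fixes removal in the previous hunk, so both entries should land together in whichever release section documents the fix. Please confirm that section exists and contains both, since this diff only shows the deletions.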