diff --git a/.changelog/24683.txt b/.changelog/24683.txt
new file mode 100644
index 00000000000..33d58645ebd
--- /dev/null
+++ b/.changelog/24683.txt
@@ -0,0 +1,3 @@
+```release-note:security
+security: sanitizing the SignedIdentities in allocations to prevent privilege escalation through unredacted workload identity token associated with ACL policies.
+```