diff --git a/changelog.html b/changelog.html
index 8250f3d6fe4f754420c6e3afde3767d1b82ec3eb..ceae9beb5f6e03c8234af940597e1e9aeecd2007 100644
--- a/changelog.html
+++ b/changelog.html
@@ -64,7 +64,7 @@ Upcoming changes</a>
 <h3><a name=v1.438>What's new in 1.438</a> <!--=DATE=--></h3>
 <ul class=image>
   <li class='major bug'>
-    Fixed XSS vulnerability with the built-in servlet container.
+    Thanks to Luca De Fulgentis, fixed XSS vulnerability with the built-in servlet container.
     (SECURITY-17)
   <li class=bug>
   Repeated ids, expandTextArea() and multiple "Invoke Ant" build steps.