diff --git a/CHANGELOG-v10.md b/CHANGELOG-v10.md
index 18f86cf3..d89c95d1 100644
--- a/CHANGELOG-v10.md
+++ b/CHANGELOG-v10.md
@@ -29,5 +29,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
     - `sRefreshTokenLifetime` - options for refresh token lifetime, from 24 hours to 90 days
     - `sFingerprintCookieMode` - option for the authentication fingerprint cookie mode, same or cross origin
 - Access and refresh tokens are now invalidated when the user's password is changed
+  - New event subscriber:
+    - `OxidEsales\GraphQL\Base\Event\Subscriber\PasswordChangeSubscriber`
+
+## Changed
+- Renamed OxidEsales\GraphQL\Base\Infrastructure\Token::cleanUpTokens() to deleteOrphanedTokens()
 
 [10.0.0]: https://github.com/OXID-eSales/graphql-base-module/compare/v9.0.0...b-7.2.x