From a08d6ce2c5a051a2ec6b2f9bac860133b75947d3 Mon Sep 17 00:00:00 2001
From: Tyler Koenig <tyler@lerkolabs.com>
Date: Mon, 1 Jun 2026 19:27:04 -0400
Subject: [PATCH] docs: add 2026.06.1 changelog entry

---
 CHANGELOG.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e734bc..4d196d1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,20 @@
 # Changelog
 
+## [2026.06.1] — 2026-06-01
+
+### Changed
+- Container runs as non-root user `uptop` (UID/GID 1000) instead of root (#44)
+- SSH host key relocated to `/data/.ssh/id_ed25519` for non-root compatibility (#44)
+- Release workflow prunes dangling images and build cache after Docker push (#44)
+
+### Added
+- SBOM and provenance attestations on Docker images for supply chain compliance (#44)
+- Entrypoint script with volume writability check and migration guidance (#44)
+
+### Breaking
+- Existing Docker volumes with root-owned files require migration before upgrading:
+  `docker run --rm -v <volume>:/data alpine chown -R 1000:1000 /data`
+
 ## [2026.05.5] — 2026-05-29
 
 ### Added