diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40ab947..62d0875 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -92,6 +92,11 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest
   browser to the last origin listed, rather than returning to the original URL.  This has been
   fixed.
 
+- Bugfix: Previously, the `OAuth2` filter's known endpoints `/.ambassador/oauth2/logout` and
+  `/.ambassador/oauth2/multicookie` did not understand CORS or CORS preflight request which would
+  cause the browser to reject the request. This has now been fixed and these endpoints will attach
+  the appropriate CORS headers to the response.
+
 ## [2.3.2] TBD
 [2.3.2]: https://github.com/datawire/edge-stack/releases/v2.3.2
 
@@ -107,6 +112,11 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest
   browser to the last origin listed, rather than returning to the original URL.  This has been
   fixed.
 
+- Bugfix: Previously, the `OAuth2` filter's known endpoints `/.ambassador/oauth2/logout` and
+  `/.ambassador/oauth2/multicookie` did not understand CORS or CORS preflight request which would
+  cause the browser to reject the request. This has now been fixed and these endpoints will attach
+  the appropriate CORS headers to the response.
+
 ## [3.0.0] 2022-06-29
 [3.0.0]: https://github.com/datawire/edge-stack/releases/v3.0.0
 
diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml
index 13749ec..d53d292 100644
--- a/docs/releaseNotes.yml
+++ b/docs/releaseNotes.yml
@@ -50,6 +50,13 @@ items:
           adjust the cookies for an active login (which only happens when using a refresh token), it
           would erroneously redirect the web browser to the last origin listed, rather than
           returning to the original URL.  This has been fixed.
+      - title: Correctly handle CORS and CORs preflight request within the OAuth2 Fitler known endpoints
+        type: bugfix
+        body: >-
+          Previously, the <code>OAuth2</code> filter's known endpoints <code>/.ambassador/oauth2/logout</code>
+          and <code>/.ambassador/oauth2/multicookie</code> did not understand CORS or CORS preflight request
+          which would cause the browser to reject the request. This has now been fixed and these endpoints will
+          attach the appropriate CORS headers to the response.
   - version: 2.3.2
     date: 'TBD'
     notes:
@@ -68,6 +75,13 @@ items:
           adjust the cookies for an active login (which only happens when using a refresh token), it
           would erroneously redirect the web browser to the last origin listed, rather than
           returning to the original URL.  This has been fixed.
+      - title: Correctly handle CORS and CORs preflight request within the OAuth2 Fitler known endpoints
+        type: bugfix
+        body: >-
+          Previously, the <code>OAuth2</code> filter's known endpoints <code>/.ambassador/oauth2/logout</code>
+          and <code>/.ambassador/oauth2/multicookie</code> did not understand CORS or CORS preflight request
+          which would cause the browser to reject the request. This has now been fixed and these endpoints will
+          attach the appropriate CORS headers to the response.
   - version: 3.0.0
     date: '2022-06-29'
     notes: