diff --git a/release-notes-published/7.0.16.md b/release-notes-published/7.0.16.md
new file mode 100644
index 0000000000..5d09ddc245
--- /dev/null
+++ b/release-notes-published/7.0.16.md
@@ -0,0 +1,11 @@
+## Git update fixing CVE-2025-48385
+
+Git vulnerabilities were [disclosed 8 July 2025](https://groups.google.com/g/git-packagers/c/cYJ6peBtyxk/m/xVukiATcBQAJ) and require an update of the Git version used by Forgejo to Git [v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, or v2.50.1](https://nvd.nist.gov/vuln/detail/CVE-2025-48385). The [containers of this release](https://codeberg.org/forgejo/-/packages/container/forgejo/7.0.16) include a Git binary that is not vulnerable. If Forgejo was installed using a container, it is enough to upgrade  the container to get the latest Git binary.
+
+Security bug fixes are only for Git, there are no security fixes for Forgejo itself in this release.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+<!--end release-notes-assistant-->