diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2bb0d18f..2816afb6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,12 +7,14 @@ SPDX-License-Identifier: CC0-1.0
 
 ## 1.7.2-SNAPSHOT
 - Fix bug in `KeyRingInfo.lastModified` (thanks to @Jerbell, @sosnovsky for reporting)
+- Bump `sop-java` to `10.0.3`
+  - allow multiple arguments `--with-key-password` in `revoke-key` command
+  - Properly pass `--old-key-password` and `--new-key-password` options as indirect arguments in `change-key-password` command
 
 ## 1.7.1
 - Bump `sop-java` to `10.0.2`
 - Downgrade `logback-core` and `logback-classic` to `1.2.13` (fix CLI spam)
 
-
 ## 1.7.0
 - Bump `bcpg-jdk8on` to `1.78.1`
 - Bump `bcprov-jdk18on` to `1.78.1`
@@ -42,6 +44,11 @@ SPDX-License-Identifier: CC0-1.0
   - Throw `BadData` error when passing KEYS where CERTS are expected.
   - `armor`: Remove `--label` option
 
+## 1.6.8
+- Bump `sop-java` to `7.0.2`
+- SOP `change-key-password`: Fix reading password from indirect parameter instead of erroneously passing filename (fixes #453)
+- SOP `revoke-key`: Allow for multiple `--with-key-password` options
+
 ## 1.6.7
 - SOP: Fix OOM error when detached-signing large amounts of data (fix #432)
 - Move `CachingBcPublicKeyDataDecryptorFactory` from `org.bouncycastle` packet to `org.pgpainless.decryption_verification` to avoid package split (partially addresses #428)