diff --git a/releasenotes/notes/bug-2059809-disallow-qcow2-datafile-5d5ff4dbd590c911.yaml b/releasenotes/notes/bug-2059809-disallow-qcow2-datafile-5d5ff4dbd590c911.yaml
new file mode 100644
index 0000000000..719c9b48fe
--- /dev/null
+++ b/releasenotes/notes/bug-2059809-disallow-qcow2-datafile-5d5ff4dbd590c911.yaml
@@ -0,0 +1,17 @@
+---
+security:
+  - |
+    Images in the qcow2 format with an external data file are now
+    rejected from glance because such images could be used in an
+    exploit to expose host information. See `Bug #2059809
+    <https://bugs.launchpad.net/glance/+bug/2059809>`_ for details.
+fixes:
+  - |
+    `Bug #2059809 <https://bugs.launchpad.net/glance/+bug/2059809>`_:
+    Fixed issue where a qcow2 format image with an external data file
+    could expose host information. Such an image format with an external
+    data file will be rejected from glance. To achieve the same,
+    format_inspector has been extended by adding safety checks for qcow2
+    and vmdk files in glance. Unsafe qcow and vmdk files will be rejected
+    by pre-examining them with a format inspector to ensure safe
+    configurations prior to any qemu-img operations.