diff --git a/ChangeLog b/ChangeLog
index 8f7843dc6..ac8ba3f97 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
+   * Add size-checks for record and handshake message content, securing
+     fragile yet non-exploitable code-paths.
 
 = mbed TLS 2.1.9 branch released 2017-08-10