diff --git a/CHANGELOG b/CHANGELOG
index 2da6efe36..879ca7245 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -84,3 +84,5 @@ Lock files are automatically removed when the process creating them exits.
 NetBSD 4.0 support.
 Italian and Catalan translations contributed for many modules, thanks to Giovanni and Jaume Badiella.
 Changed the error message that appears when Webmin detects a link from another web page, and removed the button to allow the link (which was unreliable anyway).
+---- Changes since 1.390 ----
+Links from unknown referers are now blocked by default, to prevent XSS attacks. This may break browsers that don't supply a Referer: HTTP header.