diff --git a/python-aiohttp.changes b/python-aiohttp.changes index f0109cd..65ad276 100644 --- a/python-aiohttp.changes +++ b/python-aiohttp.changes @@ -6,6 +6,8 @@ Fri Jan 9 01:40:14 UTC 2026 - Steve Kowalik + Brotli and brotlicffi minimum version is now 1.2. Decompression now has a default maximum output size of 32MiB per decompress call (bsc#1256017, CVE-2025-69223, GHSA-6mq8-rvhq-8wgg) + + Check for ASCII in header values + (bsc#1256018, CVE-2025-69224, GHSA-69f9-5gxw-wvc2) + Forbid non-ASCII decimals in the Range header (bsc#1256019, CVE-2025-69225, GHSA-mqqc-3gqh-h2x8) + Reject static URLs that traverse outside static root
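Review bot: The added entry "Check for ASCII in header values" names a check but not its outcome, unlike the neighbouring entries ("Forbid non-ASCII decimals in the Range header", "Reject static URLs that traverse outside static root"), which say what input is now refused. Suggest rewording it to state what happens when a header value fails the check, so that someone auditing this changelog for CVE-2025-69224 can tell what behaviour changed without opening the advisory. The bsc, CVE and GHSA references match the format of the adjacent entries and keep the list in CVE order, so no change is needed there.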