diff --git a/CHANGES b/CHANGES
index 3955f7f618..b34478bf5c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+6190.	[security]	Improve the overmem cleaning process to prevent the
+			cache going over the configured limit. (CVE-2023-2828)
+			[GL #4055]
+
 6188.	[performance]	Reduce memory consumption by allocating properly
 			sized send buffers for stream-based transports.
 			[GL #4038]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 5ae9d306f8..78c3c048e2 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -15,7 +15,14 @@ Notes for BIND 9.18.16
 Security Fixes
 ~~~~~~~~~~~~~~
 
-- None.
+- The overmem cleaning process has been improved, to prevent the cache from
+  significantly exceeding the configured :any:`max-cache-size` limit.
+  (CVE-2023-2828)
+
+  ISC would like to thank Shoham Danino from Reichman University, Anat
+  Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University,
+  and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to
+  our attention.  :gl:`#4055`
 
 New Features
 ~~~~~~~~~~~~