diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea30443..ae10262 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file.
     ```
 
     If you're using `eerepr` through `geemap>=0.35.2`, this is [handled automatically](https://github.com/gee-community/geemap/pull/2183) by `geemap`.
+- For security, HTML within Earth Engine objects is no longer rendered. This is consistent with the Code Editor.
 
 ### Added
 
@@ -37,6 +38,10 @@ All notable changes to this project will be documented in this file.
 - Dropped Python 3.7 support
 - Automatic `initialize` on import
 
+### Security
+
+- Escape HTML in all server-side data to prevent injection attacks
+
 ## [0.0.4] - 2022-11-30
 
 ### Added