diff --git a/doc/src/sgml/release-11.sgml b/doc/src/sgml/release-11.sgml
index 91fd813bd3..8a35fbe2bf 100644
--- a/doc/src/sgml/release-11.sgml
+++ b/doc/src/sgml/release-11.sgml
@@ -30,7 +30,7 @@
However, if you use BRIN indexes, it may be advisable to reindex them;
- see the first changelog entry below.
+ see the second changelog entry below.
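Review bot: The positional reference "see the second changelog entry below" is fragile: it has just had to change from "first" to "second", and it will go stale again whenever another entry is inserted ahead of the one about BRIN indexes. Consider identifying the entry by subject (for example "see the changelog entry about BRIN indexes below") or linking to it, so the migration note does not need renumbering each time an entry is added above it.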
@@ -46,6 +46,35 @@
+
+ Disallow substituting a schema or owner name into an extension script
+ if the name contains a quote, backslash, or dollar sign (Noah Misch)
+
+
+
+ This restriction guards against SQL-injection hazards for trusted
+ extensions.
+
+
+
+ The PostgreSQL Project thanks Micah Gate,
+ Valerie Woolard, Tim Carey-Smith, and Christoph Berg for reporting
+ this problem.
+ (CVE-2023-39417)
+
+
+
+
+
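Review bot: In the entry's first sentence, "quote" is ambiguous between single and double quotes, and nothing in the entry says what happens when a name is rejected. State which quote characters are meant and what the user will see in the disallowed case, so that an administrator who already has a schema or owner name containing one of these characters knows what to expect and what to change. The explanatory paragraph ("guards against SQL-injection hazards for trusted extensions") could also say in one clause why trusted extensions are the concern, since the reader is left to infer who controls the substituted name.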