diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 59829a7e4..3d57b7468 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -11,3 +11,9 @@ * FTP Client upload and logging improvements * Refactor base64 handling for Android compatibility +## Security Note + +The validator unzips archive files to the local file system when +it is scanning zip files it has been asked to validate, and when it is +installing packages. These processes are now resistant to the zip-slip +vulnerability. \ No newline at end of file
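Review bot: The new "Security Note" section says the unzip paths are "now resistant to the zip-slip vulnerability" but gives readers nothing to act on: it does not say which earlier releases were affected, or that anyone who validates zip files or installs packages from untrusted sources should upgrade. Suggest adding the affected version range and an explicit upgrade recommendation, plus a link to the advisory or fixing commit if one exists. It would also help to say in one clause what is now enforced during extraction, since "resistant" leaves it unclear whether offending entries are rejected, skipped or rewritten. Separately, the last added line leaves the file without a trailing newline ("\ No newline at end of file"); please add one.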