diff --git a/CHANGES.rst b/CHANGES.rst
index 6cef031159d..891f1ae6efe 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -18,5 +18,9 @@ Features added
 Bugs fixed
 ----------
 
+* #13060: HTML Search: use ``Map`` instead of object literal to store
+  per-file term scores, to prevent prototype pollution.
+  Patch by James Addison
+
 Testing
 -------