diff --git a/changelog.md b/changelog.md index 5643540d..b0a6c2e3 100644 --- a/changelog.md +++ b/changelog.md @@ -1,6 +1,7 @@ # PHPMailer Change Log -* **SECURITY** Fixes CVE-2021-3603 that may permit untrusted code to be run from an address validator, see SECURITY.md for details +* **SECURITY** Fixes CVE-2021-3603 that may permit untrusted code to be run from an address validator, see [SECURITY.md](SECURITY.md) for details +* The fix for this issue includes a minor BC break: callables injected into `validateAddress`, or indirectly through the `$validator` class property, may no longer be simple strings. If you want to inject your own validator, provide a closure instead of a function name. ## Version 6.4.1 (April 29th, 2021) * **SECURITY** Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details
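Review bot: The added BC-break bullet says callables passed to `validateAddress` or set through `$validator` "may no longer be simple strings", but it does not say what happens when a string function name is still supplied, or whether callable forms other than a closure remain accepted. Upgraders need that to judge the impact, so state the resulting behaviour explicitly. Since this bullet describes a consequence of the CVE-2021-3603 fix, consider marking it as part of the **SECURITY** entry (for example as a sub-item) so it is not read as an unrelated change. Minor style point: the first bullet now links `[SECURITY.md](SECURITY.md)` while the 6.4.1 entry below still uses plain "SECURITY.md"; making the two consistent would be tidier.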