diff --git a/CHANGES b/CHANGES
index 6a42f9422483174e8895151e1c4b28805c359f1a..dbbce58e1ed799685143022fdeaa3972db0dcc97 100644
--- a/CHANGES
+++ b/CHANGES
@@ -520,8 +520,8 @@
      code.
      [Steve Henson]
 
-  *) Correctly increment the reference count in the SSL_SESSION pointer 
-     returned from SSL_get_session().
+  *) SSL_get1_session() is like SSL_get_session(), but increments
+     the reference count in the SSL_SESSION returned.
      [Geoff Thorpe <geoff@eu.c2.net>]
 
   *) Fix for 'req': it was adding a null to request attributes.
diff --git a/NEWS b/NEWS
index b6a3d41df599e2f3e0b6c2341263f2d9e91ba225..522b620f208ce68cf19cc68b1db523bb56164fcb 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,9 @@
       o TLS/SSL code now "tolerates" MS SGC
       o RSA_NULL option that removes RSA patent code but keeps other
         RSA functionality
+      o Memory leak detection now allows applications to add extra information
+        via a per-thread stack
+      o PRNG robustness improved
 
   Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4: