diff --git a/NEWS b/NEWS
index 0fe99f5..10b2bf5 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,8 @@ Releases
 v1.10.0 (DD MM YYYY)
 --------------------
 
+* #116: Limit `Message.get_bytes` to an upper bound of 1MB to protect against
+  potential DoS vectors. Thanks to `@mvschaik` for catch & patch.
 * #115: Add convenience `get_pty` kwarg to `Client.exec_command` so users not
   manually controlling a channel object can still toggle PTY creation. Thanks
   to Michael van der Kolff for the patch.