Diffstat (limited to 'doc')
-rw-r--r-- doc/build/changelog.rst 7
-rw-r--r-- doc/build/unreleased/367.rst 13
2 files changed, 19 insertions, 1 deletions
diff --git a/doc/build/changelog.rst b/doc/build/changelog.rst
index b3f06fd..5ca49de 100644
--- a/doc/build/changelog.rst
+++ b/doc/build/changelog.rst
@@ -22,7 +22,12 @@ Changelog
correctly interpret quoted sections individually. While this parsing issue
still produced the same expected tag structure later on, the mis-handling
of quoted sections was also subject to a regexp crash if a tag had a large
- number of quotes within its quoted sections.
+ number of quotes within its quoted sections. Credit to Sebastian
+ Chnelik for locating the issue.
+
+ As Mako templates inherently render and directly invoke arbitrary Python
+ code from the template source, it is **never** appropriate to create
+ templates that contain untrusted input.
.. changelog::
:version: 1.2.1
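Review bot: The untrusted-input paragraph added at the end of this entry is repeated word for word in doc/build/unreleased/367.rst, so the two copies can drift apart over time. Consider stating it once in a single place in the documentation and having each changelog entry refer to it. In the added sentence, "templates that contain untrusted input" is also ambiguous between template source and data passed in at render time; since the reason given is that code is invoked "from the template source", wording such as "template source built from untrusted input" would match it.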
diff --git a/doc/build/unreleased/367.rst b/doc/build/unreleased/367.rst
new file mode 100644
index 0000000..6798e6e
--- /dev/null
+++ b/doc/build/unreleased/367.rst
@@ -0,0 +1,13 @@
+.. change::
+ :tags: bug, lexer
+ :tickets: 367
+
+ Fixed issue in lexer in the same category as that of :ticket:`366` where
+ the regexp used to match an end tag didn't correctly organize for matching
+ characters surrounded by whitespace, leading to high memory / interpreter
+ hang if a closing tag incorrectly had a large amount of unterminated space
+ in it. Credit to Sebastian Chnelik for locating the issue.
+
+ As Mako templates inherently render and directly invoke arbitrary Python
+ code from the template source, it is **never** appropriate to create
+ templates that contain untrusted input.
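Review bot: In the first paragraph of the new entry, "didn't correctly organize for matching characters surrounded by whitespace" and "a large amount of unterminated space" do not tell a reader which input triggers the problem. Suggest describing the triggering condition directly in terms of what the closing tag looks like, and writing "high memory / interpreter hang" as "high memory use or an interpreter hang" so the two outcomes read as distinct symptoms.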