diff --git a/WHATSNEW.md b/WHATSNEW.md
index 1a5ab807ec03b2592b40c7e1c161a501db6b3ad7..8968128bc03716454d2514f2026c6f5f594b26fb 100644
--- a/WHATSNEW.md
+++ b/WHATSNEW.md
@@ -1,3 +1,10 @@
+osTicket v1.9.16
+================
+### Performance and Security
+ * XSS: Encode html entities of cached form data (#3960, bcd58e8)
+ * ORM: Addresses an SQL injection vulnerability in ORM lookup function
+    (#3959, 1eaa6910)
+
 osTicket v1.9.15
 ================
 ### Enhancements