diff --git a/java/ql/lib/change-notes/2026-02-12-pattern-annotation-ssrf-sanitizer.md b/java/ql/lib/change-notes/2026-02-12-pattern-annotation-ssrf-sanitizer.md new file mode 100644 index 00000000000..20d3d08b300 --- /dev/null +++ b/java/ql/lib/change-notes/2026-02-12-pattern-annotation-ssrf-sanitizer.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* More ways of checking that a string matches a regular expression are now considered as sanitizers for various queries, including `java/ssrf` and `java/path-injection`. In particular, being annotated with `@javax.validation.constraints.Pattern` is now recognised as a sanitizer for those queries.
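Review bot: The opening sentence of the added change note, "More ways of checking that a string matches a regular expression are now considered as sanitizers for various queries", names only one of those ways (the `@javax.validation.constraints.Pattern` annotation) and only two of the queries, so someone triaging alerts that disappear after upgrading cannot tell from the note which check or query is responsible. Suggest listing the newly recognised checks and the affected query ids explicitly. The note should also say whether `jakarta.validation.constraints.Pattern` is covered alongside the `javax` annotation, and whether the annotation counts as a sanitizer for any regular expression or only when the constraint is known to be enforced. A permissive pattern or an unvalidated bean would otherwise hide real `java/ssrf` and `java/path-injection` results.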