diff --git a/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md b/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md
new file mode 100644
index 00000000000..5eeee51c4a3
--- /dev/null
+++ b/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries.