diff --git a/news/bugfix-3900.md b/news/bugfix-3900.md
new file mode 100644
index 0000000000..e39ad3c243
--- /dev/null
+++ b/news/bugfix-3900.md
@@ -0,0 +1,5 @@
+`syslog-ng`: fix a SIGSEGV triggered by an incorrectly formatted "CONFIG"
+command, received on the syslog-ng control socket.  The only known
+implementation of the control protocol is syslog-ng-ctl itself, which always
+sends a correct command, but anyone with access to the UNIX domain socket
+`syslog-ng.ctl` (root only by default) can trigger a crash.