diff --git a/NEWS b/NEWS index 05ba8a9ba93..31c2a4fdda1 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,11 @@ PHP NEWS . Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb, Kamil Tekiela) +- Standard: + . The "allowed_classes" option for unserialize() now throws TypeErrors and + ValueErrors if it is not an array of class names. (Girgias) + + 15 Aug 2024, PHP 8.4.0beta3 - Core: diff --git a/UPGRADING b/UPGRADING index d9bc98f9b55..7778dbbde03 100644 --- a/UPGRADING +++ b/UPGRADING @@ -202,6 +202,8 @@ PHP 8.4 UPGRADE NOTES byte long or the empty string. This aligns the behaviour to be identical to that of fputcsv() and fgetcsv(). . php_uname() now throws ValueErrors on invalid inputs. + . The "allowed_classes" option for unserialize() now throws TypeErrors and + ValueErrors if it is not an array of class names. - Tidy: . Failures in the constructor now throw exceptions rather than emitting
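Review bot: in the NEWS hunk, the new "- Standard:" entry says unserialize() "now throws TypeErrors and ValueErrors if it is not an array of class names" but does not say which input produces which exception. Suggest naming the condition for each error type so the entry can be read without opening the commit. The hunk also adds two blank lines before the "15 Aug 2024, PHP 8.4.0beta3" header; check that this matches the spacing between the other release blocks in the file.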
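Review bot: in the UPGRADING hunk, the line added after the php_uname() entry does not say what unserialize() previously did with an invalid "allowed_classes" value, so a reader cannot tell whether existing calls need a try/catch or input validation. Because this option is the allow-list that limits which classes unserialize() may instantiate, suggest adding a clause on the old behaviour and stating which invalid values raise TypeError and which raise ValueError, in the same style as the neighbouring "now throws ValueErrors on invalid inputs" entry.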