diff --git a/CHANGES b/CHANGES index ba83424e8b..3a8ce8bbe7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6374. [bug] Skip to next RRSIG if signature has expired or is in + the future rather than failing immediately. [GL #4586] + 6372. [func] Implement signature jitter for dnssec-policy. [GL #4554] --- 9.18.26 released --- diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index e59cc4eacb..830db8efa5 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -33,7 +33,9 @@ Removed Features Feature Changes ~~~~~~~~~~~~~~~ -- None. +- DNSSEC signatures that are not valid because the current time falls outside + the signature inception and expiration dates no longer count are skipped + instead of causing instant validation failure. :gl:`#4586` Bug Fixes ~~~~~~~~~
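Review bot: The new CHANGES entry 6374 is tagged [bug], but the same change is recorded under "Feature Changes" in doc/notes/notes-current.rst, so the two records disagree on classification. Either move the release note into the "Bug Fixes" section that follows it, or retag the CHANGES entry. The entry also describes only the skip ("Skip to next RRSIG if signature has expired or is in the future"). It would help to state what the validator does when no remaining RRSIG is within its validity period, so that readers do not take the change to relax validation.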
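Review bot: The added release note in doc/notes/notes-current.rst is ungrammatical at "expiration dates no longer count are skipped", where "no longer count" looks like a leftover from an earlier wording. Suggest dropping those three words so the sentence reads "... falls outside the signature inception and expiration dates are skipped instead of causing instant validation failure." Since the sentence speaks of signatures being "skipped", consider saying "skipped in favour of the next RRSIG" to match the CHANGES wording and make clear that another signature must still validate.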