diff --git a/changes/v4.4.19-en.md b/changes/v4.4.19-en.md
index 93f604213..7cf076dfb 100644
--- a/changes/v4.4.19-en.md
+++ b/changes/v4.4.19-en.md
@@ -20,6 +20,8 @@
 - Adds a new feature to enable partial certificate chain validation for TLS listeners[#10553](https://github.com/emqx/emqx/pull/10553).
   If partial_chain is set to 'true', the last certificate in cacertfile is treated as the terminal of the certificate trust-chain. That is, the TLS handshake does not require full trust-chain, and EMQX will not try to validate the chain all the way up to the root CA.
 
+- Adds a new feature to enable client certificate extended key usage validation for TLS listeners[#10669](https://github.com/emqx/emqx/pull/10669).
+
 ## Bug fixes
 
 - Fixed an issue where the rule engine was unable to access variables exported by `FOREACH` in the `DO` clause [#10620](https://github.com/emqx/emqx/pull/10620).
diff --git a/changes/v4.4.19-zh.md b/changes/v4.4.19-zh.md
index dc5a77fac..d94996920 100644
--- a/changes/v4.4.19-zh.md
+++ b/changes/v4.4.19-zh.md
@@ -19,6 +19,8 @@
 
 - 增加了一个新的功能，为 TLS 监听器启用部分证书链验证[#10553](https://github.com/emqx/emqx/pull/10553)。
   如果 partial_chain 设置为“true”，cacertfile 中的最后一个证书将被视为证书信任链的顶端证书。 也就是说，TLS 握手不需要完整的链，并且 EMQX 不会尝试一直验证链直到根 CA。
+  
+- 增加了一个新功能，为 TLS 监听器启用客户端证书扩展密钥使用验证 [#10669](https://github.com/emqx/emqx/pull/10669)。
 
 ## 修复