From b7d3aed766132c7ef67acb2006e18db8c771c892 Mon Sep 17 00:00:00 2001
From: Mike Dalessio <mike.dalessio@gmail.com>
Date: Tue, 4 Dec 2018 16:58:19 -0500
Subject: [PATCH] update CHANGELOG

related to #1831
---
 CHANGELOG.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9c665cfb7f..f674775a58 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # next / unreleased
 
+## Security Notes
+
+* [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0 to address upstream vulnerability CVE-2012-0881 [#1831] (Thanks @grajagandev for reporting.)
+
+
 ## Features
 
 * `XML::Attr#value=` allows HTML node attribute values to be set to either a blank string or an empty boolean attribute. [#1800]
@@ -22,7 +27,7 @@
 ## Dependencies
 
 * [MRI] Upgrade mini_portile2 dependency from `~> 2.3.0` to `~> 2.4.0`
-* [JRuby] Upgrade Xerces dependency from 2.11.0 to 2.12.0
+
 
 # 1.8.5 / 2018-10-04