From 1f5bf77714edeaa52c23be3b037aa0cdcdb38794 Mon Sep 17 00:00:00 2001
From: Kamil Kokot <kamil@kokot.me>
Date: Tue, 10 Jul 2018 13:27:39 +0200
Subject: [PATCH] Mention BC breaks caused while fixing security issues

---
 UPGRADE-1.1.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/UPGRADE-1.1.md b/UPGRADE-1.1.md
index 731755dad92..f0cf123ed17 100644
--- a/UPGRADE-1.1.md
+++ b/UPGRADE-1.1.md
@@ -1,3 +1,14 @@
+# UPGRADE FROM `v1.1.9` TO `v1.1.10`
+
+* **BC BREAK**: `OrderShowMenuBuilder` constructor now requires the fourth argument being 
+  `Symfony\Component\Security\Csrf\CsrfTokenManagerInterface` instance due to security reasons.
+
+# UPGRADE FROM `v1.1.0` TO `v1.1.9`
+
+* **BC BREAK**: `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due 
+  to security reasons. If you used it for REST API, these checks can be disabled by adding 
+  `csrf_protection: false` to your routing configuration. 
+
 # UPGRADE FROM `v1.0.X` TO `v1.1.0`
 
 * Scanning for `composer.json` file inside themes directories is recursive by default, which can result in slow performance