diff --git a/CHANGELOG-1.0.md b/CHANGELOG-1.0.md
index 3068bbefed6..3d0fa276463 100644
--- a/CHANGELOG-1.0.md
+++ b/CHANGELOG-1.0.md
@@ -1,5 +1,15 @@
 # CHANGELOG FOR `1.0.X`
 
+## v1.0.18 (2018-07-10)
+
+#### TL;DR
+
+- Fixing the application after not-so-perfect security issue fix in the last release
+
+#### Details
+
+- [See the diff since the last patch release](https://github.com/Sylius/Sylius/compare/v1.0.17...v1.0.18)
+
 ## v1.0.17 (2018-07-08)
 
 #### TL;DR
diff --git a/CHANGELOG-1.1.md b/CHANGELOG-1.1.md
index bb91f3ed4f7..f946449e073 100644
--- a/CHANGELOG-1.1.md
+++ b/CHANGELOG-1.1.md
@@ -1,5 +1,15 @@
 # CHANGELOG FOR `1.1.X`
 
+## v1.1.10 (2018-07-10)
+
+#### TL;DR
+
+- Fixing the application after not-so-perfect security issue fix in the last release
+
+#### Details
+
+- [See the diff since the last patch release](https://github.com/Sylius/Sylius/compare/v1.1.9...v1.1.10)
+
 ## v1.1.9 (2018-07-08)
 
 #### TL;DR
diff --git a/UPGRADE-1.0.md b/UPGRADE-1.0.md
index 8f0b16ec14a..9ee0dfdade4 100644
--- a/UPGRADE-1.0.md
+++ b/UPGRADE-1.0.md
@@ -1,6 +1,11 @@
+# UPGRADE FROM `v1.0.17` TO `v1.0.18`
+
+* **BC BREAK**: `OrderShowMenuBuilder` constructor now requires the fourth argument being 
+  `Symfony\Component\Security\Csrf\CsrfTokenManagerInterface` instance due to security reasons.
+
 # UPGRADE FROM `v1.0.16` TO `v1.0.17`
 
-* `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due 
+* **BC BREAK**: `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due 
   to security reasons. If you used it for REST API, these checks can be disabled by adding 
   `csrf_protection: false` to your routing configuration. 
 
diff --git a/UPGRADE-1.1.md b/UPGRADE-1.1.md
index 731755dad92..f0cf123ed17 100644
--- a/UPGRADE-1.1.md
+++ b/UPGRADE-1.1.md
@@ -1,3 +1,14 @@
+# UPGRADE FROM `v1.1.9` TO `v1.1.10`
+
+* **BC BREAK**: `OrderShowMenuBuilder` constructor now requires the fourth argument being 
+  `Symfony\Component\Security\Csrf\CsrfTokenManagerInterface` instance due to security reasons.
+
+# UPGRADE FROM `v1.1.0` TO `v1.1.9`
+
+* **BC BREAK**: `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due 
+  to security reasons. If you used it for REST API, these checks can be disabled by adding 
+  `csrf_protection: false` to your routing configuration. 
+
 # UPGRADE FROM `v1.0.X` TO `v1.1.0`
 
 * Scanning for `composer.json` file inside themes directories is recursive by default, which can result in slow performance