From da43056c43f5ea3567529b14ce55f93dc2e95418 Mon Sep 17 00:00:00 2001 From: Loren Segal Date: Thu, 27 Jun 2019 15:53:38 -0700 Subject: [PATCH] Update changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 549a22965..4cd5045bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # master +- Fix parsing of stringified Symbols in Ruby source (#1256). +- Fix path traversal vulnerability in `yard server`. This bug would allow + unsanitized HTTP requests to access arbitrary files on the machine of a + `yard server` host under certain conditions. Thanks to CuongMX from + Viettel Cyber Security for discovering this vulnerability. + # 0.9.19 - April 2nd, 2019 [0.9.19]: https://github.com/lsegal/yard/compare/v0.9.16...v0.9.19
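Review bot: The path traversal entry added under `# master` says the bug is reachable "under certain conditions" but never names them, so someone running `yard server` cannot tell from the changelog whether their deployment was exposed. Unlike the Symbols entry directly above it, which cites (#1256), the security entry carries no issue, commit or advisory reference. Suggest stating the conditions in a short clause, or linking to an advisory that does, and adding a reference to the fixing change. It would also help to mark the entry as a security fix so it stands out from routine bug fixes when these lines move under a versioned release heading.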