mention XSS in changelog

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 50ffa9e..a937aa0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - [FEATURE] disable all sensitive debugging methods by default (env, memory profiling) can be enabled with enable_advanced_debugging_tools.
 - [FIX] when conditionally requiring rack mini profiler, asset precompile could fail
 - [FEATURE] `/rack-mini-profiler/requests` can be used to monitor all requests for apps that do not have a UI (like API apps)
+- [SECURITY] XSS injection in `?pp=help` via rogue uri
 
 ## 1.0.2 2019-02-05
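Review bot: the added `[SECURITY]` line reads as a description of a vulnerability rather than of a fix, and it does not say which releases are affected or point to the commit that fixes it. Suggest wording it as "fix XSS injection in `?pp=help` via rogue URI", noting the affected versions, and moving it to the top of this section so it is not buried beneath the `[FEATURE]` and `[FIX]` entries. Users deciding whether to upgrade need that information at a glance.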

GitHub sha: 0e1a1152
