CHANGELOG in activesupport-3.0.18 vs CHANGELOG in activesupport-3.0.19

@@ -1,4 +1,13 @@
+## Rails 3.0.19 (Jan 8, 2012) ##
+
+*   Hash.from_xml raises when it encounters type="symbol" or type="yaml".
+    Use Hash.from_trusted_xml to parse this XML.
+
+    CVE-2013-0156
+
+    *Jeremy Kemper*
+
 ## Rails 3.0.18
 
 ## Rails 3.0.17 (Aug 9, 2012)
 
 * ERB::Util.html_escape now escapes single quotes. [Santiago Pastorino]