CHANGELOG.md in fat_free_crm-0.17.3 vs CHANGELOG.md in fat_free_crm-0.18.0

- old
+ new
@@ -2,27 +2,63 @@
 -- Confucius
 
 First they ignore you, then they laugh at you, then they fight you,
 then you win. –- Mahatma Gandhi
 
-Sat Oct 27, 2018 (0.17.3)
+Unreleased (0.19.0)
+=======
+
+
+Sat Apr 21, 2018 (0.18.0)
 ---------------------------------------------------------------------
 
-#### Fixed XSS flaw in tags_helper
-Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.
+### Important changes
+#### Mininium ruby version
+#665 Support for Ruby 2.3 has been dropped, with test coverage for 2.4 and 2.5 enabled.
 
+#### Swap to FactoryBot
+If you consume fat free crm as an engine and re-use any factories, you'll need to [upgrade to FactoryBot](https://github.com/thoughtbot/factory_bot/blob/4-9-0-stable/UPGRADE_FROM_FACTORY_GIRL.md).
+
+#### Removed methods
+`Lead.update_with_permissions` is removed, use user_ids and group_ids inside attributes instead and call lead.update_with_account_and_lead_counters
+`FatFreeCRM::Permissions.save_with_permissions` is removed, use user_ids and group_ids inside attributes and call save
+`FatFreeCRM::Permissions.update_with_permissions` is removed, use user_ids and group_ids inside attributes and call update_attributes
+
+#### Other changes
+ - CVE-2018-8048 (loofah gem)
+ - CVE-2018-3741 (rails-html-sanitizer gem)
+ - #768 Fix comment creation on entities
+ - #762 #764 Fix bug in select menu
+ - #759 Improve zero revenue display
+ - #753 Opportunities sort by weighted amount
+ - #749 Fix unsafe reflection and mass assignment
+
 Wed Jan 24, 2018 (0.17.2)
 ---------------------------------------------------------------------
- - Fix CVE-2017-0889
- - Fix #687
+ - CVE-2017-0889
+ - #724 Fixes #589 Autocomplete regression
+ - #723 Fixes #687 Passing string to define a callback is not supported.
 
-Mon Jan 22, 2018 (0.16.2)
+Wed Jan 24, 2018 (0.16.3)
 ---------------------------------------------------------------------
- - Fix #687
+CVE-2017-0889
 
+Wed Jan 24, 2018 (0.15.1)
+---------------------------------------------------------------------
+CVE-2017-0889
+
+Wed Jan 24, 2018 (0.14.1)
+---------------------------------------------------------------------
+CVE-2017-0889
+
 Sat Jan 20, 2018 (0.17.1)
 ---------------------------------------------------------------------
  - #709 Revert accidental minimum ruby version 2.4 changes (#665)
+ - Fix #687 Passing string to define a callback is not supported.
+
+Mon Jan 22, 2018 (0.16.2)
+---------------------------------------------------------------------
+Fix #687
 
 Sat Jan 20, 2018 (0.17.0)
 ---------------------------------------------------------------------
 
 ### Important changes