add change notes

Author: thiggy1342

ruby/ql/lib/change-notes/released/0.2.3.md

@@ -0,0 +1,5 @@
+## 0.2.3
+
+### Minor Analysis Improvements
+
+- Calls to `Zip::File.open` and `Zip::File.new` have been added as `FileSystemAccess` sinks. As a result queries like `rb/path-injection` now flag up cases where users may access arbitrary archive files.