Warn about CVE

chrisseaton · chrisseaton · commit dd198f9c34e4 · 2019-02-21T11:57:35.000-08:00
PullRequest: truffleruby/633
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # 1.0 RC 13
 
+Note that as TruffleRuby RC 13 is built on Ruby 2.4.4 it is still vulnerable
+to CVE-2018-16395. This will be fixed in the next release.
+
 New features:
 
 * Host interop with Java now works on SubstrateVM too.
