Warn about CVE

PullRequest: truffleruby/633
oracle · Feb 21, 2019 · dd198f9 · dd198f9
2 parents b4ae461 + 0bcd3b1
commit dd198f9
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # 1.0 RC 13
 
+Note that as TruffleRuby RC 13 is built on Ruby 2.4.4 it is still vulnerable
+to CVE-2018-16395. This will be fixed in the next release.
+
 New features:
 
 * Host interop with Java now works on SubstrateVM too.