updated CHANGELOG for previous commit

diff --git a/CHANGELOG b/CHANGELOG
index 6eaa0c5..c335330 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,7 @@
 * 1.12.3 (2013-XX-XX)
 
+ * fixed a security issue in the filesystem loader where it was possible to include a template one
+   level above the configured path
  * fixed fatal error that should be an exception when adding a filter/function/test too late
  * added a batch filter
  * added support for encoding an array as query string in the url_encode filter