1 files changed, 5 insertions, 0 deletions

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index b4d3da3603..3324dfa623 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,8 @@
+*   Extend cross-site request forgery (CSRF) protection to GET requests with
+    JavaScript responses, protecting apps from cross-origin `<script>` tags.
+
+    *Jeremy Kemper*
+
 *   Fix generating a path for engine inside a resources block.
 
     Fixes #8533.