From abeaf789dc4976791e8bf1b5e8b03b073455dfbe Mon Sep 17 00:00:00 2001 From: Kamil Kokot Date: Tue, 10 Jul 2018 13:19:13 +0200 Subject: [PATCH] Mention BC breaks caused while fixing security issues --- UPGRADE-1.0.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/UPGRADE-1.0.md b/UPGRADE-1.0.md index 8f0b16ec14a..9ee0dfdade4 100644 --- a/UPGRADE-1.0.md +++ b/UPGRADE-1.0.md @@ -1,6 +1,11 @@ +# UPGRADE FROM `v1.0.17` TO `v1.0.18` + +* **BC BREAK**: `OrderShowMenuBuilder` constructor now requires the fourth argument being + `Symfony\Component\Security\Csrf\CsrfTokenManagerInterface` instance due to security reasons. + # UPGRADE FROM `v1.0.16` TO `v1.0.17` -* `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due +* **BC BREAK**: `Sylius\Bundle\ResourceBundle\Controller::applyStateMachineTransitionAction` method now includes CSRF token checks due to security reasons. If you used it for REST API, these checks can be disabled by adding `csrf_protection: false` to your routing configuration.
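Review bot: In the new `v1.0.18` entry, `OrderShowMenuBuilder` is named without its namespace, while the `v1.0.17` entry and the `Symfony\Component\Security\Csrf\CsrfTokenManagerInterface` argument in the same hunk are fully qualified. Use the full class name so projects that subclass or re-register the builder can search for it. The entry also does not say what an integrator has to change: consider adding that any custom service definition or subclass that calls the parent constructor must now pass the CSRF token manager as the fourth argument. "requires the fourth argument being" would read better as "requires a fourth argument, an instance of". On the `v1.0.17` line, the `csrf_protection: false` opt-out is offered for REST API use only, so it is worth stating that it should be set only on those API routes and not on the routes used from the browser, where the check was added "due to security reasons".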