diff --git a/ChangeLog b/ChangeLog
index 68f42bd1b8..3ca4e25a48 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Feb  6 12:49:00 2013  Zachary Scott  <zachary@zacharyscott.net>
+
+	* NEWS: Add note about removal of CSV::load and CSV::dump from r39077
+
 Wed Feb  6 05:57:00 2013  Zachary Scott  <zachary@zacharyscott.net>
 
 	* lib/racc/parser.rb: Hide copyright notice from Racc doc
diff --git a/NEWS b/NEWS
index 25c578f4a9..45097b4611 100644
--- a/NEWS
+++ b/NEWS
@@ -210,6 +210,10 @@ with all sufficient information, see the ChangeLog file.
   * When HTML5 tagmaker called, overwrite CGI#header,
     CGI#header function is to create a <header> element.
 
+* CSV
+  * Removed CSV::dump and CSV::load to protect users from dangerous
+    serialization vulnerability
+
 * iconv
   * Iconv has been removed. Use String#encode instead.