--- CBOR-XS/Changes	2015/09/20 23:26:38	1.53
+++ CBOR-XS/Changes	2016/11/25 13:28:36	1.72
@@ -3,8 +3,57 @@
 TODO: pack_keys?
 TODO: document encode_cbor_sharing?
 TODO: weaken cyclic structures?
+TODO: allowed_classes or so?
+TODO: large negative integers
+TODO: russian guy test case exception
+TODO: allow_objects
+1.51
+        - point out security implications of having unsafe THAW
+          function/methods in your process.
+        - fix a crash when decoding a cyclic data structure using
+          stringref/pack_strings when allow_cycles is disabled.
+        - fix a crash when decoding hash keys with length >= 2**31.
+        - avoid unreasonably long decoding times for certain
+          types of data corruption.
+        - support arrays and hashes with >= 2**31 members.
+        - avoid overflow on pointer arithmetic when checking whether enough
+          data is available.
+        - fix a memory leak that occured when decoding failed while decoding
+          a tagged value.
 
+1.5  Wed Apr 27 11:38:39 CEST 2016
+        - Math::BigFloat madness workaround, see
+          http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html
+          (bugreport by zdm@softvisio.net).
+        - add text_keys and text_strings options to force CBOR text encoding
+          for perl hash keys or all strings, as a result of discussions
+          with Fredrik Ljunggren.
+        - implement support for arbitrary-exponent numbers (see
+          http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265)
+          for both en- and decoding.
+        - implement support for rational numbers (see
+          http://peteroupc.github.io/CBOR/rational.html, tag 30) for both
+          en- and decoding.
+        - the above effectively implements all registered CBOR extensions
+          in a sensible manner.
+        - remove some weird dead code that was duplicated (%FILTER).
+        - add t/58_hv.t, which tests hashes and the new text_* flags.
+          hashes apparently were not encoded at all in any of the existing
+          tests.
+        - document Math::BigFloat base-2 performance/crash issues.
+        - use stability canary.
+
+1.41 Thu 25 Feb 15:22:03 CET 2016
+	- avoid perl panics on nested FREEZE/THAW calls (testcase by
+          Victor Efimov).
+
+1.4  Mon Feb  8 05:10:15 CET 2016
+        - buffer overflow fix: a fast path during decoding did not check
+          remaining length when decoding hash keys, found by fuzzing.
+          This can potentially leak information in the error message
+          or crash the process.
 	- use C style { 0 } struct initializer.
+        - upgrade libecb.
 
 1.3  Mon Apr 27 22:21:04 CEST 2015
 	- the incremental parser didn't properly parse tagged values