diff --git a/docs/en/04_Changelogs/3.3.2.md b/docs/en/04_Changelogs/3.3.2.md
index 4d3cf21de..02f0cbb51 100644
--- a/docs/en/04_Changelogs/3.3.2.md
+++ b/docs/en/04_Changelogs/3.3.2.md
@@ -1,5 +1,33 @@
 # 3.3.2
 
+## Upgrading
+
+`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
+login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form.
+
+Define a login form:
+
+```php
+class CustomLoginForm extends MemberLoginForm {
+
+	public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
+	{
+		parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
+
+		$this->disableSecurityToken();
+	}
+
+}
+```
+
+Add this to mysite/_config/config.yml
+
+```yaml
+Injector:
+  MemberLoginForm:
+    class: CustomLoginForm
+```
+
 <!--- Changes below this line will be automatically regenerated -->
 
 ## Change Log