diff --git a/docs/en/04_Changelogs/3.1.19.md b/docs/en/04_Changelogs/3.1.19.md
new file mode 100644
index 000000000..d911a0bc3
--- /dev/null
+++ b/docs/en/04_Changelogs/3.1.19.md
@@ -0,0 +1,37 @@
+# 3.1.19
+
+## Upgrading
+
+`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
+login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form.
+
+Define a login form:
+
+```php
+class CustomLoginForm extends MemberLoginForm {
+
+ public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
+ {
+ parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
+
+ $this->disableSecurityToken();
+ }
+
+}
+```
+
+Add this to mysite/_config/config.yml
+
+```yaml
+Injector:
+ MemberLoginForm:
+ class: CustomLoginForm
+```
+
+
+
+## Change Log
+
+### Security
+
+### Bugfixes
diff --git a/security/LoginForm.php b/security/LoginForm.php
index 6a2d00cd7..026fc2c7d 100644
--- a/security/LoginForm.php
+++ b/security/LoginForm.php
@@ -10,11 +10,6 @@
 * @subpackage security
 */
 abstract class LoginForm extends Form {
- public function __construct($controller, $name, $fields, $actions) {
- parent::__construct($controller, $name, $fields, $actions);
-
- $this->disableSecurityToken();
- }
 /**
 * Authenticator class to use with this login form