diff --git a/README.md b/README.md
index c21ba16..25d61b0 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,8 @@
 offers foolproof _deep cloning_ of objects, arrays, numbers, strings, maps,
 sets, promises, etc. in JavaScript.
 
+**XSS vulnerability detected**
+
 
 ## Installation
 
@@ -119,7 +121,15 @@ So, `b.myself` points to `b`, not `a`. Neat!
 
   - Add support for cloning ES6 Maps, Sets, Promises, and Symbols
 
-### v1.0.2
+### v1.0.3
+
+#### 2017-11-08
+
+  - Close XSS vulnerability in the NPM package, which included the file
+    `test-apart-ctx.html`. This vulnerability was disclosed by Juho Nurminen of
+    2NS - Second Nature Security.
+
+### v1.0.2 (deprecated)
 
 #### 2015-03-25
 
@@ -127,14 +137,14 @@ So, `b.myself` points to `b`, not `a`. Neat!
   - Refactor utilities
   - Refactor test suite
 
-### v1.0.1
+### v1.0.1 (deprecated)
 
 #### 2015-03-04
 
   - Fix nodeunit version
   - Directly call getRegExpFlags
 
-### v1.0.0
+### v1.0.0 (deprecated)
 
 #### 2015-02-10