rubyzip
diff --git a/‎Changelog.md
Lines changed: 12 additions & 0 deletions b/‎Changelog.md
Lines changed: 12 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 1 addition & 7 deletions b/‎README.md
Lines changed: 1 addition & 7 deletions
diff --git a/‎lib/zip.rb
Lines changed: 1 addition & 1 deletion b/‎lib/zip.rb
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/zip/version.rb
Lines changed: 1 addition & 1 deletion b/‎lib/zip/version.rb
Lines changed: 1 addition & 1 deletion
@@ -2,6 +2,18 @@
 
 -
 
+# 2.0.0 (2019-09-25)
+
+Security
+
+- Default the `validate_entry_sizes` option to `true`, so that callers can trust an entry's reported size when using `extract` [#403](https://github.com/rubyzip/rubyzip/pull/403)
+   - This option defaulted to `false` in 1.3.0 for backward compatibility, but it now defaults to `true`. If you are using an older version of ruby and can't yet upgrade to 2.x, you can still use 1.3.0 and set the option to `true`.
+
+Tooling / Documentation
+
+- Remove test files from the gem to avoid problems with antivirus detections on the test files [#405](https://github.com/rubyzip/rubyzip/pull/405) / [#384](https://github.com/rubyzip/rubyzip/issues/384)
+- Drop support for unsupported ruby versions [#406](https://github.com/rubyzip/rubyzip/pull/406)
+
 # 1.3.0 (2019-09-25)
 
 Security
 
@@ -265,13 +265,7 @@ Zip.warn_invalid_date = false
 
 ### Size Validation
 
-**This setting defaults to `false` in rubyzip 1.3 for backward compatibility, but it will default to `true` in rubyzip 2.0.**
-
-If you set
-```
-Zip.validate_entry_sizes = true
-```
-then `rubyzip`'s `extract` method checks that an entry's reported uncompressed size is not (significantly) smaller than its actual size. This is to help you protect your application against [zip bombs](https://en.wikipedia.org/wiki/Zip_bomb). Before `extract`ing an entry, you should check that its size is in the range you expect. For example, if your application supports processing up to 100 files at once, each up to 10MiB, your zip extraction code might look like:
+By default (in rubyzip >= 2.0), rubyzip's `extract` method checks that an entry's reported uncompressed size is not (significantly) smaller than its actual size. This is to help you protect your application against [zip bombs](https://en.wikipedia.org/wiki/Zip_bomb). Before `extract`ing an entry, you should check that its size is in the range you expect. For example, if your application supports processing up to 100 files at once, each up to 10MiB, your zip extraction code might look like:
 
 ```ruby
 MAX_FILE_SIZE = 10 * 1024**2 # 10MiB
 
@@ -55,7 +55,7 @@ def reset!
     @write_zip64_support = false
     @warn_invalid_date = true
     @case_insensitive_match = false
-    @validate_entry_sizes = false
+    @validate_entry_sizes = true
   end
 
   def setup
 
@@ -1,3 +1,3 @@
 module Zip
-  VERSION = '1.3.0'
+  VERSION = '2.0.0'
 end