add to note

taylorotwell · taylorotwell · commit 3299217f9133 · 2018-08-07T08:33:44.000-10:00
diff --git a/upgrade.md b/upgrade.md
@@ -27,7 +27,7 @@ Since this vulnerability is not able to be exploited without access to your appl
      */
     protected static $serialize = true;
 
-> **Note:** When encrypted cookie serialization is enabled, your application will be vulnerable to attack if its encryption key is accessed by a malicious party. If you believe your key may be in the hands of a malicious party, you should rotate the key to a new value.
+> **Note:** When encrypted cookie serialization is enabled, your application will be vulnerable to attack if its encryption key is accessed by a malicious party. If you believe your key may be in the hands of a malicious party, you should rotate the key to a new value before enabling encrypted cookie serialization.
 
 <a name="upgrade-5.5.0"></a>
 ## Upgrading To 5.5.0 From 5.4
