author | Dennis Schubert <mail@dennis-schubert.de> | 2022-04-27 22:10:20 +0300 |
---|---|---|
committer | Dennis Schubert <mail@dennis-schubert.de> | 2022-04-27 22:11:26 +0300 |
commit | 02eba842aed40e6411fbed8db9e32fcd0e59c642 (patch) | |
tree | 267cf69085580548d388a3611b494ca8b1872a7a /Changelog.md | |
parent | 6ad4eb3be7a1c60af726449c98b510097fa002c1 (diff) | |
parent | 9212fd3f46d279ce7ffa8e581afdc8cad22fa166 (diff) |
Merge branch 'next-minor' v0.7.17.0
Diffstat (limited to 'Changelog.md')
-rw-r--r-- | Changelog.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Changelog.md b/Changelog.md index 7514bf999..31c081fb0 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,12 @@ +# 0.7.17.0 + +## Security +* Bump Rails to 5.2.7 to address [CVE-2022-22577](https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533) and [CVE-2022-27777](https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534) [#8350](https://github.com/diaspora/diaspora/pull/8350) +* Do not allow the user to mass assign their own password and 2fa settings alongside other parameters. Reported by Breno Vitório (@brenu) - thank you! [#8351](https://github.com/diaspora/diaspora/pull/8351) + +## Bug fixes +* Don't suggest to retry exports on failure [#8343](https://github.com/diaspora/diaspora/pull/8343) + # 0.7.16.0 ## Security |
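Review bot: In the new Security section, the #8351 entry names the mechanism (mass assignment of password and 2fa settings alongside other parameters) but not the consequence for a pod administrator reading the changelog, and unlike the Rails entry it carries no advisory or CVE reference. Consider adding a short clause on what the change prevents, and linking an advisory if one exists, so the entry can be triaged without opening the pull request. The Rails entry could likewise state that both CVEs are XSS issues in Action Pack and in the Action View tag helpers, as the linked titles indicate, so the class of bug is visible without following the links. Minor style point: write "2FA" rather than "2fa".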