diff options
| author | Dennis Schubert <mail@dennis-schubert.de> | 2022-04-27 21:37:49 +0300 |
|---|---|---|
| committer | Dennis Schubert <mail@dennis-schubert.de> | 2022-04-27 21:37:49 +0300 |
| commit | 22ac0872bdf869d26f4d947bdca6320c1c0f102f (patch) | |
| tree | b2873e14061a1274ce7944346fec139a3febc0f6 /Changelog.md | |
| parent | 0cab9f595b7c70f5546d698a9c7848a56e9ea566 (diff) | |
| parent | 9212fd3f46d279ce7ffa8e581afdc8cad22fa166 (diff) | |
Merge branch 'next-minor' into develop
Diffstat (limited to 'Changelog.md')
| -rw-r--r-- | Changelog.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Changelog.md b/Changelog.md index 62ca8beb4..a592740e3 100644 --- a/Changelog.md +++ b/Changelog.md @@ -39,6 +39,10 @@ Although the chat was never enabled per default and was marked as experimental, # 0.7.17.0 +## Security +* Bump Rails to 5.2.7 to address [CVE-2022-22577](https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533) and [CVE-2022-27777](https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534) [#8350](https://github.com/diaspora/diaspora/pull/8350) +* Do not allow the user to mass assign their own password and 2fa settings alongside other parameters. Reported by Breno Vitório (@brenu) - thank you! [#8351](https://github.com/diaspora/diaspora/pull/8351) + ## Refactor ## Bug fixes |