Diffstat (limited to 'Changelog.md')
-rw-r--r-- | Changelog.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Changelog.md b/Changelog.md index 62ca8beb4..a592740e3 100644 --- a/Changelog.md +++ b/Changelog.md @@ -39,6 +39,10 @@ Although the chat was never enabled per default and was marked as experimental, # 0.7.17.0 +## Security +* Bump Rails to 5.2.7 to address [CVE-2022-22577](https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533) and [CVE-2022-27777](https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534) [#8350](https://github.com/diaspora/diaspora/pull/8350) +* Do not allow the user to mass assign their own password and 2fa settings alongside other parameters. Reported by Breno Vitório (@brenu) - thank you! [#8351](https://github.com/diaspora/diaspora/pull/8351) + ## Refactor ## Bug fixes |
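Review bot: The first added bullet under `## Security` names the target release as "Rails to 5.2.7", and that string should be checked against the fixed versions listed in the two linked advisories and against the version actually locked in the bump from #8350, including any fourth version component. A changelog entry that names a release without the fix misleads anyone auditing their deployment. In the second bullet, "mass assign their own password and 2fa settings alongside other parameters" names the mechanism but not the consequence. One more clause saying what a request could change without the expected confirmation would let pod administrators judge how urgent the upgrade is. "2fa" would also read better as "2FA", or spelled out.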