Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/diaspora/diaspora.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/Changelog.md
diff options
context:
space:
mode:
Diffstat (limited to 'Changelog.md')
-rw-r--r--Changelog.md4
1 files changed, 4 insertions, 0 deletions
diff --git a/Changelog.md b/Changelog.md
index 62ca8beb4..a592740e3 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -39,6 +39,10 @@ Although the chat was never enabled per default and was marked as experimental,
# 0.7.17.0
+## Security
+* Bump Rails to 5.2.7 to address [CVE-2022-22577](https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533) and [CVE-2022-27777](https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534) [#8350](https://github.com/diaspora/diaspora/pull/8350)
+* Do not allow the user to mass assign their own password and 2fa settings alongside other parameters. Reported by Breno Vitório (@brenu) - thank you! [#8351](https://github.com/diaspora/diaspora/pull/8351)
+
## Refactor
## Bug fixes
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 13:19:14 +0300