author | Jeremy Evans <code@jeremyevans.net> | 2020-07-16 10:31:26 -0700 |
---|---|---|
committer | Jeremy Evans <code@jeremyevans.net> | 2020-07-16 10:46:17 -0700 |
commit | 297bf998b96dad0636de6affbcc791ff0c26d5bb (patch) | |
tree | 731e927564aa3ce2594b20c8cca14919d21d2e16 | |
parent | 294fd239a71aab805877790f0a92ee3c72e67d79 (diff) | |
download | rack-297bf998b96dad0636de6affbcc791ff0c26d5bb.tar.gz |
Add 2.2.3 information to CHANGELOG
Fixes #1693
-rw-r--r-- | CHANGELOG.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e377de6..773585e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,12 @@ All notable changes to this project will be documented in this file. For info on - Avoid NoMethodError when accessing Rack::Session::Cookie without requiring delegate first. ([#1610](https://github.com/rack/rack/issues/1610), [@onigra](https://github.com/onigra)) - Handle cookies with values that end in '=' ([#1645](https://github.com/rack/rack/pull/1645), [@lukaso](https://github.com/lukaso)) +## [2.2.3] - 2020-06-15 + +### Security + +- [[CVE-2020-8184](https://nvd.nist.gov/vuln/detail/CVE-2020-8184)] Do not allow percent-encoded cookie name to override existing cookie names. BREAKING CHANGE: Accessing cookie names that require URL encoding with decoded name no longer works. ([@fletchto99](https://github.com/fletchto99)) + ## [2.2.2] - 2020-02-11 ### Fixed |
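Review bot: The BREAKING CHANGE sentence in the new 2.2.3 Security entry states what stops working ("Accessing cookie names that require URL encoding with decoded name no longer works") but not what callers should do instead. Add a clause naming the form of the cookie name that still works after upgrading, so readers scanning the changelog for upgrade impact do not have to open the CVE record. The entry also credits only @fletchto99 and has no issue or PR link, unlike the two context entries directly above it (#1610, #1645); if a public issue, PR or advisory exists for the fix, link it next to the CVE. Minor style point: the doubled brackets in `[[CVE-2020-8184](...)]` will render as literal square brackets around the link, so confirm that is intended.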