author | Aaron Patterson <tenderlove@ruby-lang.org> | 2023-01-17 12:36:48 -0800 |
---|---|---|
committer | Aaron Patterson <tenderlove@ruby-lang.org> | 2023-01-17 12:41:15 -0800 |
commit | 0f1e4234a449539c5b9ae8d314abd69d19e93c40 (patch) | |
tree | 8ed02a1a61c805cb9946c523d1b6eaefc25ee196 | |
parent | b79bb5ac6e7478aa02f624bd9ef00b25c2502af5 (diff) | |
download | rack-0f1e4234a449539c5b9ae8d314abd69d19e93c40.tar.gz |
Update changelog
-rw-r--r-- | CHANGELOG.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2edd32c0..04c37c39 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/). +## [3.0.4.1] - 2023-01-17 + +- [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser +- [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges +- [CVE-2022-44572] Forbid control characters in attributes (also ReDoS) + ## [3.0.4] - 2022-01-17 - `Rack::Request#POST` should consistently raise errors. Cache errors that occur when invoking `Rack::Request#POST` so they can be raised again later. ([#2010](https://github.com/rack/rack/pull/2010), [@ioquatix]) |
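Review bot: The third added entry, "[CVE-2022-44572] Forbid control characters in attributes (also ReDoS)", does not say which component's attributes are meant, while the two entries above it name the multipart parser and Rack::Utils.get_byte_ranges. Naming the affected parser or method would let readers judge their exposure from the changelog alone. None of the three entries carries a link, unlike the 3.0.4 entry below, which links its pull request, so consider linking each CVE identifier to its advisory or fixing commit. Separately, the unchanged context line "## [3.0.4] - 2022-01-17" now sits directly under a release dated 2023-01-17, so the year on that heading is worth confirming.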