author Aaron Patterson <tenderlove@ruby-lang.org> 2023-01-17 12:36:48 -0800
committer Aaron Patterson <tenderlove@ruby-lang.org> 2023-01-17 12:41:15 -0800
commit 0f1e4234a449539c5b9ae8d314abd69d19e93c40 (patch)
tree 8ed02a1a61c805cb9946c523d1b6eaefc25ee196
parent b79bb5ac6e7478aa02f624bd9ef00b25c2502af5 (diff)
Update changelog
-rw-r--r-- CHANGELOG.md 6
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2edd32c0..04c37c39 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
+## [3.0.4.1] - 2023-01-17
+
+- [CVE-2022-44571] Fix ReDoS vulnerability in multipart parser
+- [CVE-2022-44570] Fix ReDoS in Rack::Utils.get_byte_ranges
+- [CVE-2022-44572] Forbid control characters in attributes (also ReDoS)
+
## [3.0.4] - 2022-01-17
- `Rack::Request#POST` should consistently raise errors. Cache errors that occur when invoking `Rack::Request#POST` so they can be raised again later. ([#2010](https://github.com/rack/rack/pull/2010), [@ioquatix])
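Review bot: The three bullets added under `## [3.0.4.1] - 2023-01-17` give a CVE id and a short phrase but no link to an advisory or to the fixing change, whereas the 3.0.4 entry just below links its pull request (#2010) and author; adding a reference per bullet would let readers confirm which fix they are getting. The third bullet, "Forbid control characters in attributes (also ReDoS)", does not say which attributes or which parser is affected, so naming the component as the other two bullets do (multipart parser, `Rack::Utils.get_byte_ranges`) would make it actionable for someone triaging the upgrade. Since the file header points to Keep A Changelog, these entries could also sit under a `### Security` subheading. Separately, the context line `## [3.0.4] - 2022-01-17` carries a year one earlier than the new entry with the same month and day; worth checking whether that is a typo.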