Merge branch 'dev' into 7.2RC

author: Mario Vavti <mario@mariovavti.com> 2022-03-29 11:39:28 +0200
committer: Mario Vavti <mario@mariovavti.com> 2022-03-29 11:39:28 +0200
commit: be5f7c2e677b5230b1bc70c18f56797c4a0c57f8 (patch)
tree: 6f682644998cf0af660d0850243c779abe187ec2
parent: 943ecff6232f6fcdcff3a950478140b151c28cf7 (diff)
parent: 0d0f73fb67bbfcc53058cefded85ac36f951c7a7 (diff)
download: volse-hubzilla-be5f7c2e677b5230b1bc70c18f56797c4a0c57f8.tar.gz
volse-hubzilla-be5f7c2e677b5230b1bc70c18f56797c4a0c57f8.tar.bz2
volse-hubzilla-be5f7c2e677b5230b1bc70c18f56797c4a0c57f8.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG
index f04d0f639..23033eb9f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,4 @@
-Hubzilla 7.2 (2022-??-??)
+Hubzilla 7.2 (2022-03-29)
 	- Streamline comment policy with downstream project
 	- Add new function is_local_url()
 	- Add helper function to escape URLs
@@ -28,8 +28,9 @@ Hubzilla 7.2 (2022-??-??)
 
 	Bugfixes
 	- Fix comments_closed date on posts where comments are disabled
-	- Fix open redirect via rpath query param
-	- Fix local file inclusion in redbasic theme
+	- Fix open redirect via rpath query param (CVE-2022-27256)
+	- Fix cross-site scripting via rpath query param (CVE-2022-27258)
+	- Fix local file inclusion in redbasic theme (CVE-2022-27257)
 	- Fix baseurl for css and js
 	- Fix duplicate IDs in login form
 	- Fix unknown author not fetched if w2w comment arrives
author	Mario Vavti <mario@mariovavti.com>	2022-03-29 11:39:28 +0200
committer	Mario Vavti <mario@mariovavti.com>	2022-03-29 11:39:28 +0200
commit	be5f7c2e677b5230b1bc70c18f56797c4a0c57f8 (patch)
tree	6f682644998cf0af660d0850243c779abe187ec2
parent	943ecff6232f6fcdcff3a950478140b151c28cf7 (diff)
parent	0d0f73fb67bbfcc53058cefded85ac36f951c7a7 (diff)
download	volse-hubzilla-be5f7c2e677b5230b1bc70c18f56797c4a0c57f8.tar.gz volse-hubzilla-be5f7c2e677b5230b1bc70c18f56797c4a0c57f8.tar.bz2 volse-hubzilla-be5f7c2e677b5230b1bc70c18f56797c4a0c57f8.zip