Update CHANGELOGs for 6.0.0.beta3 release

author: John Hawthorn <john@hawthorn.email> 2019-03-22 13:13:01 -0700
committer: John Hawthorn <john@hawthorn.email> 2019-03-22 13:13:01 -0700
commit: 5c2d695993080f294c54353954254aa44c6da12c (patch)
tree: 46cd8fc5bcce6dbd66584c32c48b353b8d5b9149 /actionview
parent: f40860800c231ecd1daef6cf6b5a8a8eda76478d (diff)
download: rails-5c2d695993080f294c54353954254aa44c6da12c.tar.gz
rails-5c2d695993080f294c54353954254aa44c6da12c.tar.bz2
rails-5c2d695993080f294c54353954254aa44c6da12c.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index d07794ddf3..6717004ceb 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,6 +1,15 @@
 ## Rails 6.0.0.beta3 (March 11, 2019) ##
 
-*   No changes.
+*   Only accept formats from registered mime types
+
+    A lack of filtering on mime types could allow an a attacker to read
+    arbitrary files on the target server or to perform a denial of service
+    attack.
+
+    Fixes CVE-2019-5418
+    Fixes CVE-2019-5419
+
+    *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
 
 
 ## Rails 6.0.0.beta2 (February 25, 2019) ##
author	John Hawthorn <john@hawthorn.email>	2019-03-22 13:13:01 -0700
committer	John Hawthorn <john@hawthorn.email>	2019-03-22 13:13:01 -0700
commit	5c2d695993080f294c54353954254aa44c6da12c (patch)
tree	46cd8fc5bcce6dbd66584c32c48b353b8d5b9149 /actionview
parent	f40860800c231ecd1daef6cf6b5a8a8eda76478d (diff)
download	rails-5c2d695993080f294c54353954254aa44c6da12c.tar.gz rails-5c2d695993080f294c54353954254aa44c6da12c.tar.bz2 rails-5c2d695993080f294c54353954254aa44c6da12c.zip