Merge pull request #35715 from jhawthorn/changelog_for_cves_6_0

Update CHANGELOGs for 6.0.0.beta3 release
author: John Hawthorn <john@hawthorn.email> 2019-03-22 13:43:56 -0700
committer: GitHub <noreply@github.com> 2019-03-22 13:43:56 -0700
commit: b27885c6c2756fb98c52a75fd9c02b26d39f3cf3 (patch)
tree: 4ca31fe57955e0a7d45d6e99dd7cd94ce85621f5 /actionview
parent: 1d2f553d16d8e3ee1dd6622b96ad98a72ea98d2d (diff)
parent: 5c2d695993080f294c54353954254aa44c6da12c (diff)
download: rails-b27885c6c2756fb98c52a75fd9c02b26d39f3cf3.tar.gz
rails-b27885c6c2756fb98c52a75fd9c02b26d39f3cf3.tar.bz2
rails-b27885c6c2756fb98c52a75fd9c02b26d39f3cf3.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index d07794ddf3..6717004ceb 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,6 +1,15 @@
 ## Rails 6.0.0.beta3 (March 11, 2019) ##
 
-*   No changes.
+*   Only accept formats from registered mime types
+
+    A lack of filtering on mime types could allow an a attacker to read
+    arbitrary files on the target server or to perform a denial of service
+    attack.
+
+    Fixes CVE-2019-5418
+    Fixes CVE-2019-5419
+
+    *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson*
 
 
 ## Rails 6.0.0.beta2 (February 25, 2019) ##
author	John Hawthorn <john@hawthorn.email>	2019-03-22 13:43:56 -0700
committer	GitHub <noreply@github.com>	2019-03-22 13:43:56 -0700
commit	b27885c6c2756fb98c52a75fd9c02b26d39f3cf3 (patch)
tree	4ca31fe57955e0a7d45d6e99dd7cd94ce85621f5 /actionview
parent	1d2f553d16d8e3ee1dd6622b96ad98a72ea98d2d (diff)
parent	5c2d695993080f294c54353954254aa44c6da12c (diff)
download	rails-b27885c6c2756fb98c52a75fd9c02b26d39f3cf3.tar.gz rails-b27885c6c2756fb98c52a75fd9c02b26d39f3cf3.tar.bz2 rails-b27885c6c2756fb98c52a75fd9c02b26d39f3cf3.zip