Diffstat (limited to 'actionview/CHANGELOG.md')
-rw-r--r-- | actionview/CHANGELOG.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index 5e7b271fb9..43688fc8a7 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,19 @@ +## Rails 6.0.0.beta3 (March 11, 2019) ## + +* Only accept formats from registered mime types + + A lack of filtering on mime types could allow an attacker to read + arbitrary files on the target server or to perform a denial of service + attack. + + Fixes CVE-2019-5418 + Fixes CVE-2019-5419 + + *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson* + + +## Rails 6.0.0.beta2 (February 25, 2019) ## + * ActionView::Template.finalize_compiled_template_methods is deprecated with no replacement. |
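Review bot: In the added 6.0.0.beta3 entry, the body names two impacts (reading arbitrary files, denial of service) and two ids ("Fixes CVE-2019-5418", "Fixes CVE-2019-5419") but does not say which id goes with which impact. It also does not say what now happens to a format that is not a registered mime type. Suggest pairing each "Fixes" line with its impact and adding one sentence on the new behaviour for unregistered formats, so that someone triaging from the changelog alone can tell what to expect after upgrading. The new "## Rails 6.0.0.beta2 (February 25, 2019) ##" header is inserted directly above the existing entries, which assigns everything below it to beta2; worth confirming that this matches what shipped in that release.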