From 5c2d695993080f294c54353954254aa44c6da12c Mon Sep 17 00:00:00 2001 From: John Hawthorn Date: Fri, 22 Mar 2019 13:13:01 -0700 Subject: Update CHANGELOGs for 6.0.0.beta3 release --- actionview/CHANGELOG.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'actionview') diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index d07794ddf3..6717004ceb 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,6 +1,15 @@ ## Rails 6.0.0.beta3 (March 11, 2019) ## -* No changes. +* Only accept formats from registered mime types + + A lack of filtering on mime types could allow an a attacker to read + arbitrary files on the target server or to perform a denial of service + attack. + + Fixes CVE-2019-5418 + Fixes CVE-2019-5419 + + *John Hawthorn*, *Eileen M. Uchitelle*, *Aaron Patterson* ## Rails 6.0.0.beta2 (February 25, 2019) ## -- cgit v1.2.3
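Review bot: The added CHANGELOG line "A lack of filtering on mime types could allow an a attacker to read" has a stray article; it should read "an attacker". The entry also lists two impacts (arbitrary file read, denial of service) and two identifiers (CVE-2019-5418, CVE-2019-5419) without saying which CVE covers which impact. Stating that mapping on the "Fixes" lines would let readers triage each one without leaving the changelog. Because this replaces "* No changes." under a release header dated March 11, 2019 in a commit dated 22 Mar 2019, a short note in the commit message that the entry is being added retroactively would help anyone who read the earlier text and concluded that beta3 carried no Action View changes.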