Changelog and version change for v2.5.1 release

fiveai · Aug 27, 2021 · d7ecabf · d7ecabf
1 parent 120bd19
commit d7ecabf
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Changelog
 
+## [2.5.1]
+
+### Fixed
+
+- [SECURITY VULNERABILITY] Configuration leak, user/admin users could leak the value of any config entry
+  from `.env` file by using variable placeholders. Setting values are now
+  sanitised (GHSA-88f9-7xxh-c688). Thanks to @thomas-chauchefoin-sonarsource
+- [SECURITY VULNERABILITY] New line injection during configuration editing
+  possible by a user/admin. Setting values are now sanitised
+  (GHSA-9jxw-cfrh-jxq6). Thanks to @thomas-chauchefoin-sonarsource
+- [SECURITY VULNERABILITY] Forced reinstall, user/admin users could trick Cachet
+  to allow them to access the `/setup` endpoint and reinstall the whole
+  instance. Fixed by preventing clearing the instance name. (GHSA-r67m-m8c7-jp83).
+  Thanks to @thomas-chauchefoin-sonarsource
+- Resend edit subscription email to existing subscribers on request #52
+
 ## [2.5.0]
 
 This is not an exhaustive list of the all the changes made since 2.3 but

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v2.5.1-dev
+v2.5.1