diff --git a/CHANGELOG.md b/CHANGELOG.md index b045252..1e95db6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). +## 1.7.3 +* Fix a security issue where the regex for windows drive letters allowed some shell meta-characters +to escape the quoting rules. (CVE-2021-42740) + ## 1.7.2 * Fix a regression introduced in 1.6.3. This reverts the Windows path quoting fix. ([144e1c2](https://github.com/substack/node-shell-quote/commit/144e1c20cd57549a414c827fb3032e60b7b8721c)) diff --git a/package.json b/package.json index a8eb0b2..2c1bd48 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "shell-quote", "description": "quote and parse shell commands", - "version": "1.7.2", + "version": "1.7.3", "author": { "name": "James Halliday", "email": "mail@substack.net", diff --git a/security.md b/security.md index a14ace6..dc86413 100644 --- a/security.md +++ b/security.md @@ -1,6 +1,7 @@ # Security Policy ## Supported Versions + Only the latest major version is supported at any given time. ## Reporting a Vulnerability