Update notes

Synchro committed Jan 9, 2017 (1 parent b18cb98, commit f97b9cd3c2dcf348d110d17613a82614d1163ab5)
Showing with 1 addition and 1 deletion.
  1. +1 −1 changelog.md
@@ -1,7 +1,7 @@
# ChangeLog
## Version 5.2.22 (January 5th 2017)
-* **SECURITY** Fix [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223), local file disclosure vulnerability if content passed to `msgHTML()` is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity.
+* **SECURITY** Fix [CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223), local file disclosure vulnerability if content passed to `msgHTML()` is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to `msgHTML()` without a `$basedir` will not import images with relative URLs, and relative URLs containing `..` will be ignored.
* Add simple contact form example
* Emoji in test content
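
Review bot: The sentence appended to the 5.2.22 SECURITY bullet leaves two points open for anyone upgrading. First, "will be ignored" does not say whether an image whose relative URL contains `..` is left in the HTML as a plain, non-embedded reference or dropped from the message. Second, it is not clear whether the `..` rule applies only when `$basedir` is missing or also when one is passed. Because this changes what existing `msgHTML()` callers get for relative image paths, consider giving it its own bullet under the version heading rather than the tail of the CVE line, and replacing "The fix for this means that" with a direct statement, for example "Calls to `msgHTML()` without a `$basedir` no longer import images with relative URLs".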
