cherry-pick v2.2.3 changelog entry

flavorjones · Oct 30, 2018 · cea7c93 · cea7c93
1 parent be0fd3a
commit cea7c93
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,15 @@ Features:
 * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
 
 
+## 2.2.3 / 2018-10-30
+
+### Security
+
+Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
+
+This CVE's public notice is at https://github.com/flavorjones/loofah/issues/154
+
+
 ## Meta / 2018-10-27
 
 The mailing list is now on Google Groups [#146](https://github.com/flavorjones/loofah/issues/146):