Merge PR #13490 from nvaccess/changesFor2021.3.4

Create changes for 2021.3.4 patch release
nvaccess · Mar 16, 2022 · 14b982c · 14b982c
2 parents aaefb19 + 2ec9bcb
commit 14b982c
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/source/buildVersion.py b/source/buildVersion.py
@@ -67,7 +67,7 @@ def formatVersionForGUI(year, major, minor):
 name = "NVDA"
 version_year = 2021
 version_major = 3
-version_minor = 3
+version_minor = 4
 version_build = 0  # Should not be set manually. Set in 'sconscript' provided by 'appVeyor.yml'
 version=_formatDevVersionString()
 publisher="unknown"

diff --git a/user_docs/en/changes.t2t b/user_docs/en/changes.t2t
@@ -3,6 +3,24 @@ What's New in NVDA
 
 %!includeconf: ../changes.t2tconf
 
+= 2021.3.4 =
+This is a minor release to fix several security issues raised.
+Please responsibly disclose security issues to info@nvaccess.org.
+
+== Security Fixes ==
+- Addressed security advisory ``GHSA-354r-wr4v-cx28``. (#13488)
+  - Remove the ability to start NVDA with debug logging enabled when NVDA runs in secure mode.
+  - Remove the ability to update NVDA when NVDA runs in secure mode.
+  -
+- Addressed security advisory ``GHSA-wg65-7r23-h6p9``. (#13489)
+  - Remove the ability to open the input gestures dialog in secure mode.
+  - Remove the ability to open the default, temporary and voice dictionary dialogs in secure mode.
+  -
+- Addressed security advisory ``GHSA-mvc8-5rv9-w3hx``. (#13487)
+  - The wx GUI inspection tool is now disabled in secure mode.
+  -
+-
+
 = 2021.3.3 =
 This release is identical to 2021.3.2.
 A bug existed in NVDA 2021.3.2 where it incorrectly identified itself as 2021.3.1.