Fix some changelog formatting and add link to XXE fix (#1794)
* fix: Correct markdown formatting for heading

* docs: Reformat changelog and add link to XXE fix commit
sehrope committed Jun 9, 2020
1 parent ecbc48f commit 98a9bdcabf24a071e7db97bc2aab9c0f4a66e5d5
Showing 1 changed file with 6 additions and 5 deletions.
@@ -13,10 +13,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
## [42.2.13] (2020-06-04)

**Notable Changes**
The primary reason to release this version and to continue the 42.2.x branch is for CVE-2020-13692.
Reported by David Dworken this is an XXE and more information can be found [here](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html)
Sehrope Sarkuni reworked the XML parsing to provide a solution in commit 14b62aca4
The build system has been changed to Gradle thanks to Vladimir [PR 1627](https://github.com/pgjdbc/pgjdbc/pull/1627)

- Security: The primary reason to release this version and to continue the 42.2.x branch is for CVE-2020-13692.
Reported by David Dworken, this is an XXE and more information can be found [here](https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html).
Sehrope Sarkuni reworked the XML parsing to provide a solution in commit [14b62aca4](https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65).
- The build system has been changed to Gradle thanks to Vladimir [PR 1627](https://github.com/pgjdbc/pgjdbc/pull/1627).

### Changed

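Review bot: The new "- Security:" item names CVE-2020-13692 and the fix commit, but it does not say which driver functionality parses the XML or which versions are affected, so a reader cannot tell from the changelog alone whether they are exposed. Consider adding one sentence on the affected feature and the upgrade target (42.2.13). The link text "here" also hides that the target is the generic OWASP XXE prevention cheat sheet rather than an advisory for this CVE; descriptive link text such as "OWASP XXE Prevention Cheat Sheet" would make that clear. Finally, the two continuation lines ("Reported by ..." and "Sehrope Sarkuni reworked ...") are not indented under the bullet and only stay inside the list item through lazy continuation; indenting them by two spaces makes the grouping explicit.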
@@ -48,7 +49,7 @@ We recommend that version 42.2.11 not be used.

## [42.2.11] (2020-03-07)

** Notable **
**Notable changes**
As mentioned above this version is broken and should not be used.
### Changed
- Reverted [PR 1641](https://github.com/pgjdbc/pgjdbc/pull/1252). The driver will now wait for EOF when sending cancel signals.

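Review bot: The context line under "### Changed" reads "Reverted [PR 1641](https://github.com/pgjdbc/pgjdbc/pull/1252)", so the link text says PR 1641 while the URL points at pull/1252; since this commit is a changelog formatting pass, it is worth correcting whichever of the two is wrong here. On the changed line itself, "**Notable changes**" uses a lower-case "changes" while the 42.2.13 entry in the first hunk uses "**Notable Changes**"; pick one casing. There is also no blank line between "As mentioned above this version is broken and should not be used." and "### Changed", which some Markdown renderers need before a heading.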