From aa39c56cc29bad888a9fde5b92860abf423b9e15 Mon Sep 17 00:00:00 2001
From: Matijs van Zuijlen
Date: Sun, 10 Oct 2021 20:43:20 +0200
Subject: [PATCH] Prepare version 9.2.5 for release
---
 CHANGELOG.md | 17 +++++++++++++++++
 publify_amazon_sidebar/CHANGELOG.md | 4 ++++
 .../lib/publify_amazon_sidebar/version.rb | 2 +-
 .../publify_amazon_sidebar.gemspec | 2 +-
 publify_core/CHANGELOG.md | 16 ++++++++++++++++
 publify_core/lib/publify_core/version.rb | 2 +-
 publify_textfilter_code/CHANGELOG.md | 4 ++++
 .../lib/publify_textfilter_code/version.rb | 2 +-
 8 files changed, 45 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1208599df3..bb4b21d9cd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,23 @@
 See the changelogs for the individual engines for more details for releases 9.0 and up
+## 9.2.5 / 2021-10-11
+
+This release fixes several security issues:
+
+* Force session cookie to be secure in production
+* Block ability to switch themes using a GET request; use a POST instead
+* Disallow user self-registration rather than hiding it
+* Let the browser not cache admin pages
+* Limit the set of allowed mime types for uploaded media
+* Limit allowed HTML in articles, pages and notes
+
+Additionally, it includes the following changes:
+
+* Fix resource size display in admin resource list
+* Trigger download of media in the Media Library in admin instead of displaying
+ them directly
+
 ## 9.2.4 / 2021-10-02
 * Require at least version 1.12.5 of nokogiri to avoid a security issue
diff --git a/publify_amazon_sidebar/CHANGELOG.md b/publify_amazon_sidebar/CHANGELOG.md
index f1c4ab1479..aaf97b5dca 100644
--- a/publify_amazon_sidebar/CHANGELOG.md
+++ b/publify_amazon_sidebar/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## 9.2.5 / 2021-10-11
+
+* No changes
+
 ## 9.2.4 / 2021-10-02
 * Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5
diff --git a/publify_amazon_sidebar/lib/publify_amazon_sidebar/version.rb b/publify_amazon_sidebar/lib/publify_amazon_sidebar/version.rb
index d96dc8f70d..7d3ef282ee 100644
--- a/publify_amazon_sidebar/lib/publify_amazon_sidebar/version.rb
+++ b/publify_amazon_sidebar/lib/publify_amazon_sidebar/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PublifyAmazonSidebar
- VERSION = "9.2.4"
+ VERSION = "9.2.5"
 end
diff --git a/publify_amazon_sidebar/publify_amazon_sidebar.gemspec b/publify_amazon_sidebar/publify_amazon_sidebar.gemspec
index c9be1d29e3..c9a522ad1c 100644
--- a/publify_amazon_sidebar/publify_amazon_sidebar.gemspec
+++ b/publify_amazon_sidebar/publify_amazon_sidebar.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
 s.files = File.open("Manifest.txt").readlines.map(&:chomp)
- s.add_dependency "publify_core", "~> 9.2.4"
+ s.add_dependency "publify_core", "~> 9.2.5"
 s.add_development_dependency "rspec-rails", "~> 4.0"
 s.add_development_dependency "simplecov", "~> 0.18.5"
diff --git a/publify_core/CHANGELOG.md b/publify_core/CHANGELOG.md
index 87ffbdec50..b822cd6f35 100644
--- a/publify_core/CHANGELOG.md
+++ b/publify_core/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Changelog
+## 9.2.5 / 2021-10-11
+
+This release fixes several security issues:
+
+* Block ability to switch themes using a GET request; use a POST instead
+* Disallow user self-registration rather than hiding it
+* Let the browser not cache admin pages
+* Limit the set of allowed mime types for uploaded media
+* Limit allowed HTML in articles, pages and notes
+
+Additionally, it includes the following changes:
+
+* Fix resource size display in admin resource list
+* Trigger download of media in the Media Library in admin instead of displaying
+ them directly
+
 ## 9.2.4 / 2021-10-02
 * Explicitly require at least version 1.12.5 of nokogiri to avoid a security issue
diff --git a/publify_core/lib/publify_core/version.rb b/publify_core/lib/publify_core/version.rb
index fce8c26627..b8136ba8a0 100644
--- a/publify_core/lib/publify_core/version.rb
+++ b/publify_core/lib/publify_core/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PublifyCore
- VERSION = "9.2.4"
+ VERSION = "9.2.5"
 end
diff --git a/publify_textfilter_code/CHANGELOG.md b/publify_textfilter_code/CHANGELOG.md
index 1af4c0b130..b0dbc7705b 100644
--- a/publify_textfilter_code/CHANGELOG.md
+++ b/publify_textfilter_code/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## 9.2.5 / 2021-10-11
+
+* No changes
+
 ## 9.2.4 / 2021-10-02
 * Drop support for Ruby 2.4 since it is incompatible with nokogiri 1.12.5
diff --git a/publify_textfilter_code/lib/publify_textfilter_code/version.rb b/publify_textfilter_code/lib/publify_textfilter_code/version.rb
index 42f7cadd9a..15bf1a85ea 100644
--- a/publify_textfilter_code/lib/publify_textfilter_code/version.rb
+++ b/publify_textfilter_code/lib/publify_textfilter_code/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module PublifyTextfilterCode
- VERSION = "9.2.4"
+ VERSION = "9.2.5"
 end