Merge branch 'release/4.5.3' into support/4

smarty-php · May 28, 2024 · 9fc96a1 · 9fc96a1
2 parents 76881c8 + 09e211c
commit 9fc96a1
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [4.5.3] - 2024-05-28
+- Fixed a code injection vulnerability in extends-tag. This addresses CVE-2024-35226.
+
+
 ## [4.5.2] - 2024-04-06
 - Fixed argument must be passed by reference error introduced in v4.5.1 [#964](https://github.com/smarty-php/smarty/issues/964)
 

diff --git a/changelog/GHSA-4rmg-292m-wg3w.md b/changelog/GHSA-4rmg-292m-wg3w.md
diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php
@@ -107,7 +107,7 @@ class Smarty extends Smarty_Internal_TemplateBase
     /**
      * smarty version
      */
-    const SMARTY_VERSION = '4.5.2';
+    const SMARTY_VERSION = '4.5.3';
     /**
      * define variable scopes
      */