From 0fcff94cebce07b856531d6502b11466e8331409 Mon Sep 17 00:00:00 2001 From: Mitsuhiro Shibuya Date: Wed, 29 Nov 2023 13:42:37 +0900 Subject: [PATCH] Version 2.2.5 --- CHANGELOG.md | 4 ++++ lib/carrierwave/version.rb | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a389a5726..c79be6575 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,10 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +## 2.2.5 - 2023-11-29 +### Security +* Fix Content-Type allowlist bypass vulnerability, possibly leading to XSS (@mshibuya, [39b282d](https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5), [GHSA-gxhx-g4fq-49hj](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj)) + ## 2.2.4 - 2023-06-10 ### Fixed * Fix Ruby 2.7 keyword argument warning in uploader process (@SuperTux88 [#2665](https://github.com/carrierwaveuploader/carrierwave/pull/2665), [#2636](https://github.com/carrierwaveuploader/carrierwave/pull/2636), [#2635](https://github.com/carrierwaveuploader/carrierwave/issues/2635)) diff --git a/lib/carrierwave/version.rb b/lib/carrierwave/version.rb index a00a6d80a..db9173f21 100644 --- a/lib/carrierwave/version.rb +++ b/lib/carrierwave/version.rb @@ -1,3 +1,3 @@ module CarrierWave - VERSION = "2.2.4" + VERSION = "2.2.5" end
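Review bot: In the CHANGELOG.md hunk, the new 2.2.5 Security entry names the Content-Type allowlist bypass but does not say which releases are affected or whether an application has to do anything beyond upgrading. A reader triaging from the changelog has to follow the GHSA-gxhx-g4fq-49hj link to learn that. Suggest adding one sentence to the entry with the affected version range and the required action, keeping the existing commit and advisory links.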
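Review bot: In the lib/carrierwave/version.rb hunk, the bump from "2.2.4" to "2.2.5" is the only code change in this patch, so the release is secure only if the fix referenced in the changelog (39b282d) is already an ancestor of the commit being tagged. Worth confirming that on the release branch before the gem is built. The subject line "Version 2.2.5" also gives no hint that this is a security release; a body line pointing at the advisory would help anyone reading the log.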