From eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c Mon Sep 17 00:00:00 2001 From: Mitsuhiro Shibuya Date: Sat, 23 Mar 2024 17:07:25 +0900 Subject: [PATCH] Version 2.2.6 --- CHANGELOG.md | 6 +++++- lib/carrierwave/version.rb | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c79be6575..85c22b6b2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,13 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +## 2.2.6 - 2024-03-23 +### Security +* Fix Content-Type allowlist bypass vulnerability remained (@mshibuya [4317871](https://github.com/carrierwaveuploader/carrierwave/commit/431787193795dda9b01a0ee748bd93e2ec7101c2), [GHSA-vfmv-jfc5-pjjw](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw)) + ## 2.2.5 - 2023-11-29 ### Security -* Fix Content-Type allowlist bypass vulnerability, possibly leading to XSS (@mshibuya, [39b282d](https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5), [GHSA-gxhx-g4fq-49hj](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj)) +* Fix Content-Type allowlist bypass vulnerability, possibly leading to XSS (@mshibuya [39b282d](https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5), [GHSA-gxhx-g4fq-49hj](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj)) ## 2.2.4 - 2023-06-10 ### Fixed diff --git a/lib/carrierwave/version.rb b/lib/carrierwave/version.rb index db9173f21..e9a6c4002 100644 --- a/lib/carrierwave/version.rb +++ b/lib/carrierwave/version.rb @@ -1,3 +1,3 @@ module CarrierWave - VERSION = "2.2.5" + VERSION = "2.2.6" end