Updated CHANGELOG

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11a3fcda51c4c416d7f04d50450555848b43d56a..31b9ec0efbf57051f6c3678d1c9ca2413b58400c 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@
 
 - Removed the download button and the corresponding link for encrypted files from the admin interface
 - Fixed an issue with sending the wrong filesize after decrypting an encrypted file
 
 - Removed the download button and the corresponding link for encrypted files from the admin interface
 - Fixed an issue with sending the wrong filesize after decrypting an encrypted file

+- Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".

 - We now provide Docker images for AMD64 and ARM64 systems
 - Lots of code refactoring and cleanup
 - Few more little fixes
 - We now provide Docker images for AMD64 and ARM64 systems
 - Lots of code refactoring and cleanup
 - Few more little fixes