From: Patrick Canterino <patrick@patrick-canterino.de>
Date: Sun, 1 Dec 2024 14:25:15 +0000 (+0100)
Subject: Updated CHANGELOG
X-Git-Tag: 4.6.1~2
X-Git-Url: https://git.p6c8.net/jirafeau.git/commitdiff_plain/57b10c2bca7fd2727c3eb131bf4d7030094781ed?ds=inline

Updated CHANGELOG
---

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11a3fcd..31b9ec0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@
 
 - Removed the download button and the corresponding link for encrypted files from the admin interface
 - Fixed an issue with sending the wrong filesize after decrypting an encrypted file
+- Fixed the possibility to bypass the check for CVE-2022-30110 (prevent preview of SVG images) by sending a manipulated HTTP request with a MIME type like "image/svg+XML".
 - We now provide Docker images for AMD64 and ARM64 systems
 - Lots of code refactoring and cleanup
 - Few more little fixes