]> git.p6c8.net - jirafeau/jirafeau.git/commitdiff
git.p6c8.net / jirafeau / jirafeau.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ab1f341)
Mentioned CVE-2025-7066
authorPatrick Canterino <patrick@patrick-canterino.de>
Fri, 8 Aug 2025 13:00:52 +0000 (15:00 +0200)
committerPatrick Canterino <patrick@patrick-canterino.de>
Fri, 8 Aug 2025 13:21:40 +0000 (15:21 +0200)
CHANGELOG.md patch | blob | history

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19f69e4e1ee8e8806f217bf875fa1ab649e5f1c4..d06a0bc1e41a23f019870391542f9c108f94f2ce 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,7 +18,7 @@
 
 ## Version 4.6.3
 
-- Fixed the possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) and [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code.
+- Fixed the possibility to bypass the checks for [CVE-2022-30110](https://www.cve.org/CVERecord?id=CVE-2022-30110) and [CVE-2024-12326](https://www.cve.org/CVERecord?id=CVE-2024-12326) (prevent preview of SVG images and other critical files) by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When doing the preview, the MIME type "text/html" takes precedence and you can execute for example JavaScript code. This issue has subsequently been reported as [CVE-2025-7066](https://www.cve.org/CVERecord?id=CVE-2025-7066).
 - Compare password hashes using `hash_equals()`
 - Upgrade from 4.6.2: in-place upgrade
 
Fork of Jirafeau by a group of developers after mojo42 discontinued it; main repository at https://gitlab.com/jirafeau/Jirafeau

patrick-canterino.de