From 290aee6db33403a4b9426b572b79a990232b31dd Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Sun, 21 Feb 2021 22:23:45 +0100 Subject: [PATCH] Update CHANGELOG.md Add CVE's --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3bb93a4..45286fee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,8 +9,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [3.1.39] - 2021-02-17 ### Security -- Prevent access to `$smarty.template_object` in sandbox mode -- Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}` +- Prevent access to `$smarty.template_object` in sandbox mode. This addresses CVE-2021-26119. +- Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}`. This addresses CVE-2021-26120. ## [3.1.38] - 2021-01-08