smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-02 09:24:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update CHANGELOG.md

Browse Source 
Add CVE's
This commit is contained in:
Simon Wisselink
2021-02-21 22:23:45 +01:00
committed by GitHub
parent e2485fa45e
commit 290aee6db3
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@@ -9,8 +9,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [3.1.39] - 2021-02-17 ## [3.1.39] - 2021-02-17
### Security ### Security
- Prevent access to `$smarty.template_object` in sandbox mode - Prevent access to `$smarty.template_object` in sandbox mode. This addresses CVE-2021-26119.
- Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}` - Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}`. This addresses CVE-2021-26120.
## [3.1.38] - 2021-01-08 ## [3.1.38] - 2021-01-08