Refactoring usage of $url_escape_re into a function named url_escape_url_path_and_fn.

[pkg/blosxom.git] / ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 70ce5f4126cfadb6a287a70a8373b3b12899f76e..f2650e46b71b46b947952e5d4bb1da7877eb9ed8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+v2.1.2
+    * Fix XSS in $flavour (CVE-2008-2236). Thanks to Yoshinori Ohta of
+      Business Architects Inc. for making us aware of this issue.
+
 v2.1.1
     * The "never trust a dot zero release" bugfix release for 2.1.0.
     * Added CVS Id keyword to file header.