Skip to content

Commit

Permalink
Update CHANGELOG
Browse files Browse the repository at this point in the history
  • Loading branch information
fabpot committed Nov 6, 2024
1 parent ec39a9d commit 8b52782
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
# 3.11.2 (2024-11-06)

* [BC BREAK] Fix a security issue in the sandbox mode allowing an attacker to call attributes on Array-like objects
They are now checked via the property policy
* Fix a security issue in the sandbox mode allowing an attacker to be able to call `toString()`
under some circumstances on an object even if the `__toString()` method is not allowed by the security policy

# 3.11.1 (2024-09-10)

* Fix a security issue when an included sandboxed template has been loaded before without the sandbox context
Expand Down

0 comments on commit 8b52782

Please sign in to comment.