Update CHANGELOG

twigphp · Nov 6, 2024 · 8b52782 · 8b52782
1 parent ec39a9d
commit 8b52782
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,3 +1,10 @@
+# 3.11.2 (2024-11-06)
+
+ * [BC BREAK] Fix a security issue in the sandbox mode allowing an attacker to call attributes on Array-like objects
+   They are now checked via the property policy
+ * Fix a security issue in the sandbox mode allowing an attacker to be able to call `toString()`
+   under some circumstances on an object even if the `__toString()` method is not allowed by the security policy
+
 # 3.11.1 (2024-09-10)
 
  * Fix a security issue when an included sandboxed template has been loaded before without the sandbox context