Release 4.6.3

userfrosting · Dec 15, 2021 · 15d713a · 15d713a
2 parents ccaf4de + 6213730
commit 15d713a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [v4.6.3](https://github.com/userfrosting/UserFrosting/compare/v4.6.2...v4.6.3)
+
+### Security
+- Added placeholder URL for `site.uri.public` in configuration to guard against Host Header Injection attacks by default in production.
+
 ## [v4.6.2]
 
 ### Changes

diff --git a/app/sprinkles/core/config/production.php b/app/sprinkles/core/config/production.php
@@ -52,6 +52,9 @@
             'ajax' => false,
             'info' => false,
         ],
+        'uri' => [
+            'public' => 'https://example.com',
+        ],
     ],
     /*
      * Send errors to log