X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fupstream%2Fblosxom.git;a=blobdiff_plain;f=ChangeLog;h=f2650e46b71b46b947952e5d4bb1da7877eb9ed8;hp=4f37cffbb1a5f018479c2b8dad708115265419ae;hb=20572387b9318dc467ea2c3ac703993ce2537ed4;hpb=f1da102c13a1013ae24a26beec1f6cac2dc5f76c diff --git a/ChangeLog b/ChangeLog index 4f37cff..f2650e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,9 @@ +v2.1.2 + * Fix XSS in $flavour (CVE-2008-2236). Thanks to Yoshinori Ohta of + Business Architects Inc. for making us aware of this issue. + v2.1.1 + * The "never trust a dot zero release" bugfix release for 2.1.0. * Added CVS Id keyword to file header. * Declaring $encode_xml_entities as a config option by moving it into the config section -- no functionality change. @@ -17,7 +22,7 @@ v2.1.1 Blosxom manages to correctly determine the base URL, you can easily set $url in the config file to the correct value and no base URL magic happens anymore (except the removing of a trailing slash if - present -- as before). + present -- as before). Closes: #2032685 * Added a lot of comments explaining the fixed problems and the remaining seldom cases where manual configuration is necessary.
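Review bot: In the first hunk (@@ -1,4 +1,9 @@), the new v2.1.2 entry "Fix XSS in $flavour (CVE-2008-2236)" does not say which releases are affected or how the value is now handled, so someone reading the ChangeLog cannot judge how urgent the upgrade is. Suggest adding a line that states the affected versions and the nature of the fix (for example, whether the flavour value is filtered on input or escaped on output). The same hunk also adds the "never trust a dot zero release" line under the earlier v2.1.1 heading; that retroactive edit would be easier to audit in a separate commit from the security entry.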
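Review bot: In the second hunk (@@ -17,7 +22,7 @@), "Closes: #2032685" is a bare number with no tracker named, so the reference cannot be resolved from the ChangeLog alone. Suggest naming the tracker or giving its URL next to the id. It is also appended to the continuation line of the $url item, directly after "as before).", where it reads as part of that sentence; placing it on its own line would make it easier to spot and to grep for.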