X-Git-Url: https://git.stderr.nl/gitweb?p=matthijs%2Fupstream%2Fblosxom.git;a=blobdiff_plain;f=ChangeLog;h=f2650e46b71b46b947952e5d4bb1da7877eb9ed8;hp=85c55226771a8615f16668dd3c6ca75340ab7ac7;hb=20572387b9318dc467ea2c3ac703993ce2537ed4;hpb=b9131697cef6d045ddae4970f610595227718ea3

diff --git a/ChangeLog b/ChangeLog
index 85c5522..f2650e4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+v2.1.2
+    * Fix XSS in $flavour (CVE-2008-2236). Thanks to Yoshinori Ohta of
+      Business Architects Inc. for making us aware of this issue.
+
 v2.1.1
     * The "never trust a dot zero release" bugfix release for 2.1.0.
     * Added CVS Id keyword to file header.
@@ -18,7 +22,7 @@ v2.1.1
       Blosxom manages to correctly determine the base URL, you can easily
       set $url in the config file to the correct value and no base URL
       magic happens anymore (except the removing of a trailing slash if
-      present -- as before).
+      present -- as before). Closes: #2032685
     * Added a lot of comments explaining the fixed problems and the
       remaining seldom cases where manual configuration is necessary.