From 5316b352b6ed38595e99622eeb954a2cd0b1d5c2 Mon Sep 17 00:00:00 2001 From: Mitsuhiro Shibuya Date: Wed, 29 Nov 2023 13:31:37 +0900 Subject: [PATCH] Version 3.0.5 --- CHANGELOG.md | 8 ++++++++ lib/carrierwave/version.rb | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75db018e0..4bfe6d17a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +## 3.0.5 - 2023-11-29 + +### Fixed +* Remove unnecessary if clause within #filename left in the uploader template (@rajyan, [#2711](https://github.com/carrierwaveuploader/carrierwave/pull/2711)) + +### Security +* Fix Content-Type allowlist bypass vulnerability, possibly leading to XSS (@mshibuya, [863d425](https://github.com/carrierwaveuploader/carrierwave/commit/863d425c76eba12c3294227b39018f6b2dccbbf3), [GHSA-gxhx-g4fq-49hj](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj)) + ## 3.0.4 - 2023-10-08 ### Fixed diff --git a/lib/carrierwave/version.rb b/lib/carrierwave/version.rb index 310b82817..eae61723c 100644 --- a/lib/carrierwave/version.rb +++ b/lib/carrierwave/version.rb @@ -1,3 +1,3 @@ module CarrierWave - VERSION = "3.0.4".freeze + VERSION = "3.0.5".freeze end