Added CVE reference to changelog

This commit is contained in:
Mark Baker 2014-02-21 10:53:52 +00:00
parent 6c8884b2eb
commit 65178504ca

View File

@ -64,6 +64,7 @@ Fixed in develop branch for release v1.8.0:
- General: (infojunkie) Work Item GH-276 - Convert properties to string in OOCalc reader - General: (infojunkie) Work Item GH-276 - Convert properties to string in OOCalc reader
- Security: (maartenba) Work Item GH-322 - Disable libxml external entity loading by default. - Security: (maartenba) Work Item GH-322 - Disable libxml external entity loading by default.
This is to prevent XML External Entity Processing (XXE) injection attacks (see http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html for an explanation of XXE injection). This is to prevent XML External Entity Processing (XXE) injection attacks (see http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html for an explanation of XXE injection).
Reference CVE-2014-2054
Fixed in develop branch for release v1.7.9: Fixed in develop branch for release v1.7.9: