Skip to content

Commit 73b0e6a

Browse files
author
James Zetlen
committed
chore: update changelog
1 parent e0e8ae3 commit 73b0e6a

File tree

1 file changed

+16
-0
lines changed

1 file changed

+16
-0
lines changed

CHANGELOG.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,22 @@
22

33
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
44

5+
<a name="1.1.1"></a>
6+
# [1.1.1](https://github.com/davewasmer/devcert/releases/tag/v1.1.r10)
7+
8+
### Bug Fixes
9+
10+
#### [#55](https://github.com/davewasmer/devcert/pull/55): Fix remote execution vulnerability by switching from execSync to execFileSync
11+
12+
- Change `run()` to use `execFileSync`
13+
- Refactor codebase to use new signature of `run()`
14+
- Add an extra sanitizing step: test arguments passed to `certificateFor` with a (fairly permissive) regular expression limiting them to legal domain name chars
15+
16+
### ⚠️ This is a mandatory update! ⚠️
17+
18+
This release fixes a security vulnerability in previous versions. Previous versions will be deprecated.
19+
20+
521
<a name="1.1.0"></a>
622
# [1.1.0](https://github.com/davewasmer/devcert/releases/tag/v1.1.0)
723

0 commit comments

Comments
 (0)