summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Peter <mail@david-peter.de>2021-07-13 10:56:51 +0200
committerDavid Peter <mail@david-peter.de>2021-07-13 10:56:51 +0200
commit945bba777bb65c6d9820e49ffec9c2b28ca01a62 (patch)
tree773d25545ef7e353b6b8b026d7129aa222f08bdd
parent64763eafbeac7a45208e3d22791057e7cbe2dac1 (diff)
Upgrade CHANGELOG with security vulnerability notice
-rw-r--r--CHANGELOG.md4
1 files changed, 3 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ddef4de5..438c902e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,15 +28,17 @@
## Bugfixes
+- Fix for a security vulnerability on Windows. Prior to this release, `bat` would execute programs called `less`/`less.exe` from the current working directory (instead of the one from `PATH`) with priority. An attacker might be able to use this by placing a malicious program in a shared directory where the user would execute `bat`. `bat` users on Windows are advised to upgrade to this version. See #1724 and #1472 (@Ry0taK).
## Other
+- Add bash completion, see #1678 (@scop)
- Fix Clippy lints, see #1661 (@mohamed-abdelnour)
- Add syntax highlighting test files, see #1213 and #1668 (@mohamed-abdelnour)
-- Add bash completion, see #1678 (@scop)
## Syntaxes
+- Upgraded Julia syntax to fix a highlighting bug, see #1692
- Added support for `dash` syntax, see #1654 (@mohamed-abdelnour)
- Added support for `XAML` syntax, see #1590 and #1655 (@mohamed-abdelnour)
- Apply `DotENV` syntax also for `.env.default` and `.env.defaults` files, see #1669