From 945bba777bb65c6d9820e49ffec9c2b28ca01a62 Mon Sep 17 00:00:00 2001
From: David Peter <mail@david-peter.de>
Date: Tue, 13 Jul 2021 10:56:51 +0200
Subject: Upgrade CHANGELOG with security vulnerability notice

---
 CHANGELOG.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ddef4de5..438c902e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,15 +28,17 @@
 
 ## Bugfixes
 
+- Fix for a security vulnerability on Windows. Prior to this release, `bat` would execute programs called `less`/`less.exe` from the current working directory (instead of the one from `PATH`) with priority. An attacker might be able to use this by placing a malicious program in a shared directory where the user would execute `bat`. `bat` users on Windows are advised to upgrade to this version. See #1724 and #1472 (@Ry0taK).
 
 ## Other
 
+- Add bash completion, see #1678 (@scop)
 - Fix Clippy lints, see #1661 (@mohamed-abdelnour)
 - Add syntax highlighting test files, see #1213 and #1668 (@mohamed-abdelnour)
-- Add bash completion, see #1678 (@scop)
 
 ## Syntaxes
 
+- Upgraded Julia syntax to fix a highlighting bug, see #1692
 - Added support for `dash` syntax, see #1654 (@mohamed-abdelnour)
 - Added support for `XAML` syntax, see #1590 and #1655 (@mohamed-abdelnour)
 - Apply `DotENV` syntax also for `.env.default` and `.env.defaults` files, see #1669
-- 
cgit v1.2.3