version bump6.1.1

author: Bernhard Posselt <dev@bernhard-posselt.com> 2015-11-12 17:35:13 +0100
committer: Bernhard Posselt <dev@bernhard-posselt.com> 2015-11-12 17:35:13 +0100
commit: 16ea6830ddc2200aa5b553fe995af9be403f690d (patch)
tree: 508c8802d6e3025e3aa5a067e45009f121e3a12d /CHANGELOG.md
parent: 7df1dbb76f38b683de0c173246aea694687e16cb (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40b1b9c07..87f85e5e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+owncloud-news (6.1.1)
+* **Security**: Update picoFeed to add an [XXE fix for php-fpm](http://framework.zend.com/security/advisory/ZF2015-06) on systems with PHP <5.5.22 or >5.6 and <5.6.6. This issue allows any user with access to the News app to read abitrary files from the server. For more information read up on the [Zend advisory](http://framework.zend.com/security/advisory/ZF2015-06) and the [OWASP page](https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing). Affected supported distributions include [Ubuntu 14.04](https://bugs.launchpad.net/ubuntu/trusty/+source/php5/+bug/1509817)
+
 owncloud-news (6.1.0)
 * **Backwards incompatible change**: Removed several web routes and feed service methods by generalizing feed object changes using a patch method
 * **Enhancement**: Update articles if the pubdate is newer than the current one, #877
author	Bernhard Posselt <dev@bernhard-posselt.com>	2015-11-12 17:35:13 +0100
committer	Bernhard Posselt <dev@bernhard-posselt.com>	2015-11-12 17:35:13 +0100
commit	16ea6830ddc2200aa5b553fe995af9be403f690d (patch)
tree	508c8802d6e3025e3aa5a067e45009f121e3a12d /CHANGELOG.md
parent	7df1dbb76f38b683de0c173246aea694687e16cb (diff)