Update changelog

author: Florian Bruhin <me@the-compiler.org> 2021-10-21 18:43:39 +0200
committer: Florian Bruhin <me@the-compiler.org> 2021-10-21 18:48:46 +0200
commit: 1e1aa4e89187bc70f27af18231942608003ae168 (patch)
tree: 85cd7c50ab3fb4f78d1437496ba08881110b328c
parent: bcd91f3d4a0c2abec3c2742681f71f77643cfd3d (diff)
download: qutebrowser-1e1aa4e89187bc70f27af18231942608003ae168.tar.gz
qutebrowser-1e1aa4e89187bc70f27af18231942608003ae168.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index c17f35eec..b3f99fb05 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -19,6 +19,14 @@ breaking changes (such as renamed commands) can happen in minor releases.
 v2.4.0 (unreleased)
 -------------------
 
+Security
+~~~~~~~~
+
+- **CVE-2021-41146**: Fix arbitrary command execution on Windows via URL handler
+  argument injection. See the
+  https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm[security advisory]
+  for details.
+
 Added
 ~~~~~
author	Florian Bruhin <me@the-compiler.org>	2021-10-21 18:43:39 +0200
committer	Florian Bruhin <me@the-compiler.org>	2021-10-21 18:48:46 +0200
commit	1e1aa4e89187bc70f27af18231942608003ae168 (patch)
tree	85cd7c50ab3fb4f78d1437496ba08881110b328c
parent	bcd91f3d4a0c2abec3c2742681f71f77643cfd3d (diff)
download	qutebrowser-1e1aa4e89187bc70f27af18231942608003ae168.tar.gz qutebrowser-1e1aa4e89187bc70f27af18231942608003ae168.zip