From: ArthurHoaro <arthur@hoa.ro>
Date: Tue, 30 Jan 2018 18:15:30 +0000 (+0100)
Subject: Merge tag 'v0.9.4' into latest
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=a74184e1b0a9d503e1ea75812583967e7110c2f2;p=github%2Fshaarli%2FShaarli.git

Merge tag 'v0.9.4' into latest

Release v0.9.4
---

a74184e1b0a9d503e1ea75812583967e7110c2f2
diff --cc CHANGELOG.md
index 0a7b120c,aef32fcf..29e1fd6e
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@@ -178,23 -209,14 +209,30 @@@ Theming
  ### Security
  - Markdown plugin: escape HTML entities by default
  
 +## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
 +### Security
 +- Markdown plugin: escape HTML entities by default
 +
 +
 +## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20
 +
 +### Fixed
 +
 +- PHP 7.1 compatibility: add ConfigManager parameter to anti-bruteforce function call in login template.
 +
 +## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15
 +
 +### Fixed
 +
 +- Editing a link created before the new ID system would change its permalink.
  
+ ## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04
+ **XSS vulnerability fixed. Please update.**
+ 
+ ## Security
+ - Fix an XSS (cross-site-scripting) vulnerability in `index.php` -
+   [CVE-2018-5249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5249)
+ 
  ## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
  ### Security
  - Markdown plugin: escape HTML entities by default