update CHANGELOG for v1.4.3

rails · Jun 9, 2022 · 924e3ab · 924e3ab
1 parent 9b79253
commit 924e3ab
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,14 @@
+## 1.4.3 / 2022-06-09
+
+* Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
+
+  Prevent the combination of `select` and `style` as allowed tags in SafeListSanitizer.
+
+  Fixes CVE-2022-32209
+
+  *Mike Dalessio*
+
+
 ## 1.4.2 / 2021-08-23
 
 * Slightly improve performance.