From ecfa500f36c69afdbe8f6c3de10560c3c64966fb Mon Sep 17 00:00:00 2001 From: Fenhl Date: Mon, 22 Jan 2024 15:13:45 +0000 Subject: [PATCH] Update changelog --- CHANGELOG.md | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95552b4..c958ccf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,28 @@ +# Unreleased + +* Fixed the URL of the security advisory linked from the documentation. + +# 1.3.0 + +* Full fix for the high-severity security vulnerability [RUSTSEC-2024-0006](https://rustsec.org/advisories/RUSTSEC-2024-0006.html) a.k.a. [GHSA-r7qv-8r2h-pg27](https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27): + * Deprecates quote APIs in favor of `try_` equivalents that complain about nul bytes. + * Also adds a builder API, which allows re-enabling nul bytes without using the deprecated interface, and in the future can allow other things (as discussed in quoting_warning). + * Adds documentation about various security risks that remain, particularly with interactive shells. +* Adds explicit MSRV of 1.46.0. + +# 1.2.1 + +* Partial fix for the high-severity security vulnerability [RUSTSEC-2024-0006](https://rustsec.org/advisories/RUSTSEC-2024-0006.html) a.k.a. [GHSA-r7qv-8r2h-pg27](https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27) without bumping MSRV: + * The bytes `{` and `\xa0` are now escaped by quoting functions. + # 1.2.0 * Adds `bytes` module to support operating directly on byte strings. # 1.1.0 -* Adds the `std` feature (enabled by default) -* Disabling the `std` feature makes the crate work in `#![no_std]` mode, assuming presence of the `alloc` crate +* Adds the `std` feature (enabled by default). +* Disabling the `std` feature makes the crate work in `#![no_std]` mode, assuming presence of the `alloc` crate. # 1.0.0