From 85dabea37cbf8023eda5a1ffe5bd3724a63da701 Mon Sep 17 00:00:00 2001 From: Ben Gamari <ben@smart-cactus.org> Date: Thu, 5 Sep 2024 21:46:18 -0400 Subject: [PATCH] changelog: Add entry for % expansion mitigation --- changelog.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/changelog.md b/changelog.md index 6ee59e8e..8f0bf9ed 100644 --- a/changelog.md +++ b/changelog.md @@ -5,6 +5,10 @@ * Fix command-line escaping logic on Windows when the command file ends with a space or a dot. This is a follow-up for [HSEC-2024-0003](https://github.com/haskell/security-advisories/tree/main/advisories/hackage/process/HSEC-2024-0003.md). +* Migitate another manifestation of the BatBadBut vulnerability via + unescaped `%` expansions. This is another follow-up for + [HSEC-2024-0003](https://github.com/haskell/security-advisories/tree/main/advisories/hackage/process/HSEC-2024-0003.md). + ([#313](https://github.com/haskell/process/issues/313)) ## 1.6.22.0 *August 2024* -- GitLab
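Review bot: The first added line of the `changelog.md` hunk misspells "Mitigate" as "Migitate"; it should read `* Mitigate another manifestation of the BatBadBut vulnerability via`. The new entry also does not say which platform or which call path is affected, whereas the entry directly above it scopes itself with "on Windows". If the `%` expansion mitigation has the same scope, say so here, and add a short phrase on what changes for callers (for example, whether `%` in arguments is now escaped or rejected) so that readers of the changelog do not have to open issue #313 to judge the impact.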