From 7b4886304121b14f29f546f238fa142095d6e4e2 Mon Sep 17 00:00:00 2001 From: Ainar Garipov Date: Thu, 29 Sep 2022 19:51:33 +0300 Subject: [PATCH] Pull request: upd-chlog Merge in DNS/adguard-home from upd-chlog to master Squashed commit of the following: commit b53de96bc5d1bc0ff81ceb6c716614fd094913e7 Author: Ainar Garipov Date: Thu Sep 29 19:46:36 2022 +0300 all: upd chlog --- CHANGELOG.md | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed20426c..492ba690 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,11 +12,31 @@ and this project adheres to ## [Unreleased] + + + + + + +## [v0.107.14] - 2022-09-29 + +See also the [v0.107.14 GitHub milestone][ms-v0.107.14]. + ### Security +A Cross-Site Request Forgery (CSRF) vulnerability has been discovered. The CVE +number is to be assigned. We thank Daniel Elkabes from Mend.io for reporting +this vulnerability to us. + #### `SameSite` Policy The `SameSite` policy on the AdGuard Home session cookies is now set to `Lax`. @@ -28,10 +48,9 @@ after updating.** #### Removal Of Plain-Text APIs (BREAKING API CHANGE) -A Cross-Site Request Forgery (CSRF) vulnerability has been discovered. We have -implemented several measures to prevent such vulnerabilities in the future, but -some of these measures break backwards compatibility for the sake of better -protection. +We have implemented several measures to prevent such vulnerabilities in the +future, but some of these measures break backwards compatibility for the sake of +better protection. The following APIs, which previously accepted or returned `text/plain` data, now accept or return data as JSON. All new formats for the request and response 
@@ -42,9 +61,6 @@ bodies are documented in `openapi/openapi.yaml` and `openapi/CHANGELOG.md`. - `POST /control/filtering/set_rules`; - `POST /control/i18n/change_language`. -The CVE number is to be assigned. We thank Daniel Elkabes from Mend.io for -reporting this vulnerability to us. - #### Stricter Content-Type Checks (BREAKING API CHANGE) All JSON APIs now check if the request actually has the `application/json` @@ -68,16 +84,7 @@ content-type. [#4927]: https://github.com/AdguardTeam/AdGuardHome/issues/4927 [#4930]: https://github.com/AdguardTeam/AdGuardHome/issues/4930 - - - - @@ -1276,11 +1283,12 @@ See also the [v0.104.2 GitHub milestone][ms-v0.104.2]. -[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.13...HEAD +[Unreleased]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.14...HEAD +[v0.107.14]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.13...v0.107.14 [v0.107.13]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.12...v0.107.13 [v0.107.12]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.11...v0.107.12 [v0.107.11]: https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.10...v0.107.11
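Review bot: In the first hunk, the added line `See also the [v0.107.14 GitHub milestone][ms-v0.107.14].` uses the reference label `ms-v0.107.14`, but none of the visible hunks adds a matching `[ms-v0.107.14]: ...` definition; the last hunk only adds the `[v0.107.14]` compare link. Please confirm the definition already exists elsewhere in `CHANGELOG.md`, or add it next to the other milestone references, otherwise the link renders as literal bracket text. The relocated Security paragraph also still reads "The CVE number is to be assigned" inside what is now a dated release section, so it needs a follow-up edit once the identifier is issued.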
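Review bot: In the `Removal Of Plain-Text APIs` hunk, the rewritten opening `We have implemented several measures to prevent such vulnerabilities in the` has lost its antecedent. The CSRF sentence it referred to now sits at the top of `### Security`, with the `SameSite` Policy subsection in between, so a reader who jumps straight to this breaking-change heading cannot tell which class of vulnerability is meant. Suggest naming it explicitly, for example "to prevent CSRF vulnerabilities in the future".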