diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a7e0a98..c56b8837 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,23 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this * *Nothing* +## [2.9.3] - 2021-11-15 +### Added +* *Nothing* + +### Changed +* *Nothing* + +### Deprecated +* *Nothing* + +### Removed +* *Nothing* + +### Fixed +* [#1232](https://github.com/shlinkio/shlink/issues/1232) Solved potential SQL injection by enforcing `doctrine/dbal` 3.1.4. + + ## [2.9.2] - 2021-10-23 ### Added * *Nothing* diff --git a/composer.json b/composer.json index 7abcf315..d520f6fb 100644 --- a/composer.json +++ b/composer.json @@ -18,7 +18,8 @@ "akrabat/ip-address-middleware": "^2.0", "cakephp/chronos": "^2.2", "cocur/slugify": "^4.0", - "doctrine/migrations": "^3.3", + "doctrine/dbal": "^3.1.4", + "doctrine/migrations": "^3.3 <3.3.2", "doctrine/orm": "^2.9", "endroid/qr-code": "^4.2", "geoip2/geoip2": "^2.11",