Merge pull request #1234 from acelaya-forks/feature/sql-injection

Enforced doctrine/dbal 3.1.4
shlinkio · Nov 15, 2021 · 4a3fa85 · 4a3fa85
2 parents dc8f5d0 + ade23a9
commit 4a3fa85
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,23 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com), and this project adheres to [Semantic Versioning](https://semver.org).
 
+## [2.9.3] - 2021-11-15
+### Added
+* *Nothing*
+
+### Changed
+* *Nothing*
+
+### Deprecated
+* *Nothing*
+
+### Removed
+* *Nothing*
+
+### Fixed
+* [#1232](https://github.com/shlinkio/shlink/issues/1232) Solved potential SQL injection by enforcing `doctrine/dbal` 3.1.4.
+
+
 ## [2.9.2] - 2021-10-23
 ### Added
 * *Nothing*

diff --git a/composer.json b/composer.json
@@ -18,7 +18,8 @@
         "akrabat/ip-address-middleware": "^2.0",
         "cakephp/chronos": "^2.2",
         "cocur/slugify": "^4.0",
-        "doctrine/migrations": "^3.3",
+        "doctrine/dbal": "^3.1.4",
+        "doctrine/migrations": "^3.3 <3.3.2",
         "doctrine/orm": "^2.9",
         "endroid/qr-code": "^4.2",
         "geoip2/geoip2": "^2.11",