From ade23a965072e06754f1dfafd381c45097c08953 Mon Sep 17 00:00:00 2001
From: Alejandro Celaya <alejandro@alejandrocelaya.com>
Date: Mon, 15 Nov 2021 19:41:38 +0100
Subject: [PATCH] Enforced doctrine/dbal 3.1.4

---
 CHANGELOG.md  | 17 +++++++++++++++++
 composer.json |  3 ++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f895b28b7..5c4ac366a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,23 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com), and this project adheres to [Semantic Versioning](https://semver.org).
 
+## [2.9.3] - 2021-11-15
+### Added
+* *Nothing*
+
+### Changed
+* *Nothing*
+
+### Deprecated
+* *Nothing*
+
+### Removed
+* *Nothing*
+
+### Fixed
+* [#1232](https://github.com/shlinkio/shlink/issues/1232) Solved potential SQL injection by enforcing `doctrine/dbal` 3.1.4.
+
+
 ## [2.9.2] - 2021-10-23
 ### Added
 * *Nothing*
diff --git a/composer.json b/composer.json
index 118ae2446..d2a4a97ea 100644
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,8 @@
         "akrabat/ip-address-middleware": "^2.0",
         "cakephp/chronos": "^2.2",
         "cocur/slugify": "^4.0",
-        "doctrine/migrations": "^3.3",
+        "doctrine/dbal": "^3.1.4",
+        "doctrine/migrations": "^3.3 <3.3.2",
         "doctrine/orm": "^2.9",
         "endroid/qr-code": "^4.2",
         "geoip2/geoip2": "^2.11",