update changelog

9cb66f6d · Aaron Patterson · fbc7bec0 · 9cb66f6d · 9cb66f6d · 9cb66f6d
4 changed file
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
+*   [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
+
+*   [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
+
+
 ## Rails 5.2.4.1 (December 18, 2019) ##

 *   Fix possible information leak / session hijacking vulnerability.

--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
+*   [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
+
+
 ## Rails 5.2.4.1 (December 18, 2019) ##

 *   No changes.

--- a/activestorage/CHANGELOG.md
+++ b/activestorage/CHANGELOG.md
+*   [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
+
+
 ## Rails 5.2.4.1 (December 18, 2019) ##

 *   No changes.

--- a/activesupport/CHANGELOG.md
+++ b/activesupport/CHANGELOG.md
+*   [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
+
+*   [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
+
 ## Rails 5.2.4.1 (December 18, 2019) ##

 *   No changes.