Updated changelog

author: Armin Ronacher <armin.ronacher@active-4.com> 2016-12-29 14:14:44 +0100
committer: Armin Ronacher <armin.ronacher@active-4.com> 2016-12-29 14:14:44 +0100
commit: 002edca796f4e69e53d0491e5b1319955082ed02 (patch)
tree: c5a9530be64ef4cc8eedf1802b7852cd3df539f7 /CHANGES
parent: 9b53045c34e61013dc8f09b7e52a555fa16bed16 (diff)
download: jinja-002edca796f4e69e53d0491e5b1319955082ed02.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 4e5df26c..e3e75820 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,9 +4,12 @@ Jinja2 Changelog
 Version 2.8.1
 -------------
 
-(unreleased bugfix release)
+(bugfix release, released on December 29th 2016)
 
 - Fixed the `for_qs` flag for `urlencode`.
+- SECURITY: if the sandbox mode is used format expressions are now sandboxed
+  with the same rules as in Jinja.  This solves various information leakage
+  problems that can occur with format strings.
 
 Version 2.8
 -----------
author	Armin Ronacher <armin.ronacher@active-4.com>	2016-12-29 14:14:44 +0100
committer	Armin Ronacher <armin.ronacher@active-4.com>	2016-12-29 14:14:44 +0100
commit	002edca796f4e69e53d0491e5b1319955082ed02 (patch)
tree	c5a9530be64ef4cc8eedf1802b7852cd3df539f7 /CHANGES
parent	9b53045c34e61013dc8f09b7e52a555fa16bed16 (diff)
download	jinja-002edca796f4e69e53d0491e5b1319955082ed02.tar.gz