Merge pull request #43 from Ry0taK/master

rs · web-flow · commit eb8b2c525d78 · 2021-03-31T11:26:24.000+02:00
Add CVE-2021-29418 to CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,13 +1,19 @@
 ## v2.0.1 (Mar 29, 2021)
 
+### IMPORTANT: Security Fix
+
+> This version contains an important security fix. If you are using netmask `<=2.0.0`, please upgrade to `2.0.1` or above.
+
+* Rewrite byte parsing without using JS `parseInt()`([commit](https://github.com/rs/node-netmask/commit/3f19a056c4eb808ea4a29f234274c67bc5a848f4))
+  * This is [CVE-2021-29418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29418).
+
 ### Bugfixes
 
 * Add checks on spaces before and after bytes
   * This will now throw an exception when spaces are present like ' 1.2.3.4' or '1. 2.3.4' or '1.2.3.4 '.
 
 ### Internal Changes
 
-* Rewrite byte parsing without using JS `parseInt()`
 * Avoid some useless memory allocations
 * New Mocha testing suite, thanks @kaoudis [#36](https://github.com/rs/node-netmask/pull/36)
 
@@ -51,4 +57,4 @@ See [the change](https://github.com/rs/node-netmask/commit/9f9fc38c6db1a682d2328
 ## v1.0.6 (May 30, 2016)
 
 * Changes before this release are not documented here. Please see [the commit list](https://github.com/rs/node-netmask/commits/master)
-  or the [compare view](https://github.com/rs/node-netmask/compare/1.0.5...rs:1.0.6).
+  or the [compare view](https://github.com/rs/node-netmask/compare/1.0.5...rs:1.0.6).
