Add CVE-2021-29418 to CHANGELOG.md

rs · Mar 31, 2021 · 210e1ba · 210e1ba
1 parent fb14b4f
commit 210e1ba
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,13 +1,20 @@
 ## v2.0.1 (Mar 29, 2021)
 
+### IMPORTANT: Security Fix
+
+> This version contains an important security fix. If you are using netmask `<=2.0.0`, please upgrade to `2.0.1` or above.
+
+* Rewrite byte parsing without using JS `parseInt()`([commit](https://github.com/rs/node-netmask/commit/3f19a056c4eb808ea4a29f234274c67bc5a848f4))
+  * This is [CVE-2021-29418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29418).
+  * See also the [npm advisory](https://www.npmjs.com/advisories/1658)
+
 ### Bugfixes
 
 * Add checks on spaces before and after bytes
   * This will now throw an exception when spaces are present like ' 1.2.3.4' or '1. 2.3.4' or '1.2.3.4 '.
 
 ### Internal Changes
 
-* Rewrite byte parsing without using JS `parseInt()`
 * Avoid some useless memory allocations
 * New Mocha testing suite, thanks @kaoudis [#36](https://github.com/rs/node-netmask/pull/36)
 
@@ -51,4 +58,4 @@ See [the change](https://github.com/rs/node-netmask/commit/9f9fc38c6db1a682d2328
 ## v1.0.6 (May 30, 2016)
 
 * Changes before this release are not documented here. Please see [the commit list](https://github.com/rs/node-netmask/commits/master)
-  or the [compare view](https://github.com/rs/node-netmask/compare/1.0.5...rs:1.0.6).
+  or the [compare view](https://github.com/rs/node-netmask/compare/1.0.5...rs:1.0.6).