From 796dd78757902435d1bd286415feea78098e45ba Mon Sep 17 00:00:00 2001
From: Jordan Mele
Date: Sun, 12 Dec 2021 12:22:58 +1100
Subject: [PATCH 1/2] Placeholder for `site.uri.public` in production

---
 CHANGELOG.md | 5 +++++
 app/sprinkles/core/config/production.php | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3f99d8258..677b9a78d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## Unreleased
+
+### Security
+- Added placeholder URL for `site.uri.public` in configuration to guard against Host Header Injection attacks by default in production.
+
 ## [v4.6.2]
 
 ### Changes
diff --git a/app/sprinkles/core/config/production.php b/app/sprinkles/core/config/production.php
index 6c57a6757..8272211e2 100644
--- a/app/sprinkles/core/config/production.php
+++ b/app/sprinkles/core/config/production.php
@@ -52,6 +52,9 @@
 'ajax' => false,
 'info' => false,
 ],
+'uri' => [
+'public' => 'https://example.com',
+],
 ],
 /*
 * Send errors to log

From 621373002867c76bc581114b352b32ce2c19fb07 Mon Sep 17 00:00:00 2001
From: Louis Charette
Date: Sun, 12 Dec 2021 10:20:10 -0500
Subject: [PATCH 2/2] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 677b9a78d..8f1baf2d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
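Review bot: The new `'uri' => ['public' => 'https://example.com']` entry in production.php is a silent placeholder: a deployment that never overrides it will emit absolute links and redirects pointing at example.com instead of failing loudly, and nothing in the hunk tells an operator that overriding it is mandatory or why the value is pinned at all. A short comment above the `'uri'` key would carry that intent, e.g. `// Placeholder: override with this deployment's real public URL. It is set explicitly so the public URL is never derived from the request's Host header.`. If the project's `env()` config helper is used elsewhere in these config files (hedged — not visible in the hunk), reading the value from the environment with the placeholder as the fallback would let each deployment set it without editing a shipped file. The enclosing configuration array starts and ends outside the hunk.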
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-## Unreleased
+## [v4.6.3](https://github.com/userfrosting/UserFrosting/compare/v4.6.2...v4.6.3)
 
 ### Security
 - Added placeholder URL for `site.uri.public` in configuration to guard against Host Header Injection attacks by default in production.