Merge pull request #307 from kiskoza/escape-formulas-by-default

Escape formulas by default
author: Zsolt Kozaroczy <[email protected]> 2023-10-19 10:13:06 +0200
committer: GitHub <[email protected]> 2023-10-19 10:13:06 +0200
commit: 52912ca8ac772144e2fb7b868301a5846b9ee39d (patch)
tree: 28be04ab123214e63ee628d582d36a754a7af855 /CHANGELOG.md
parent: abfe20072384f8457e7a47b6fe4cc8af101bce56 (diff)
parent: d74e85d1ac03954ce1d687fb1245cbee38c4f718 (diff)
download: caxlsx-52912ca8ac772144e2fb7b868301a5846b9ee39d.tar.gz
caxlsx-52912ca8ac772144e2fb7b868301a5846b9ee39d.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 67ca1cfe..d09e3196 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ CHANGELOG
   - Fix `Workbook#sheet_by_name` not returning sheets with encoded characters in the name
   - Raise exception if `axlsx_styler` gem is present as its code was merged directly into `caxlsx` in v3.3.0
   - Add 'SortState' and 'SortCondition' classes to the 'AutoFilter' class to add sorting to the generated file.
+  - [PR #189](https://github.com/caxlsx/caxlsx/pull/189) - Make `Axlsx::escape_formulas` true by default to mitigate [Formula Injection](https://www.owasp.org/index.php/CSV_Injection) vulnerabilities.
 
 - **April.23.23**: 3.4.1
   - [PR #209](https://github.com/caxlsx/caxlsx/pull/209) - Revert characters other than `=` being considered as formulas.
author	Zsolt Kozaroczy <[email protected]>	2023-10-19 10:13:06 +0200
committer	GitHub <[email protected]>	2023-10-19 10:13:06 +0200
commit	52912ca8ac772144e2fb7b868301a5846b9ee39d (patch)
tree	28be04ab123214e63ee628d582d36a754a7af855 /CHANGELOG.md
parent	abfe20072384f8457e7a47b6fe4cc8af101bce56 (diff)
parent	d74e85d1ac03954ce1d687fb1245cbee38c4f718 (diff)
download	caxlsx-52912ca8ac772144e2fb7b868301a5846b9ee39d.tar.gz caxlsx-52912ca8ac772144e2fb7b868301a5846b9ee39d.zip