Google Git
Sign in
dart / sdk / a4f7bad12efd9c3a272e87cd95b6ef19036823ec^! / .
commita4f7bad12efd9c3a272e87cd95b6ef19036823ec[log] [tgz]
authorJonas Termansen <sortie@google.com>Tue Jun 11 16:13:51 2019 +0200
committerJonas Termansen <sortie@google.com>Tue Jun 11 16:13:51 2019 +0200
treee36f787e0cd13f0a5360e14520b442306b90faf1
parent3972f738ca4e91104e2d6dad9bb1f36147879e98 [diff]
[release] Prepare changelog and version file for 2.3.2 and 2.3.3-dev.0.0

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 950b2ce..299563f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md

@@ -1,34 +1,7 @@
-## 2.3.2-dev.XX.0
+## 2.3.3-dev.XX.0
 (Add new changes here, and they will be copied to the change section for the
  next dev version)
 
-### Security vulnerability
-
-*  **Security improvement:** On Linux and Android, starting a process with
-   `Process.run`, `Process.runSync`, or `Process.start` would first search the
-   current directory before searching `PATH` (Issue [37101][]). This behavior
-   effectively put the current working directory in the front of `PATH`, even if
-   it wasn't in the `PATH`. This release changes that behavior to only searching
-   the directories in the `PATH` environment variable. Operating systems other
-   than Linux and Android didn't have this behavior and aren't affected by this
-   vulnerability.
-
-   This vulnerability could result in execution of untrusted code if a command
-   without a slash in its name was run inside an untrusted directory containing
-   an executable file with that name:
-
-   ```dart
-   Process.run("ls", workingDirectory: "/untrusted/directory")
-   ```
-
-   This would attempt to run `/untrusted/directory/ls` if it existed, even
-   though it is not in the `PATH`. It was always safe to instead use an absolute
-   path or a path containing a slash.
-
-   This vulnerability was introduced in Dart 2.0.0.
-
-[37101]: https://github.com/dart-lang/sdk/issues/37101
-
 ### Core libraries
 
 #### `dart:isolate`
@@ -171,6 +144,37 @@
 * **Breaking change:** The `await for` allowed `null` as a stream due to a bug
   in `StreamIterator` class. This bug has now been fixed.
 
+## 2.3.2 - 2019-06-11
+
+This is a patch version release with a security improvement.
+
+### Security vulnerability
+
+*  **Security improvement:** On Linux and Android, starting a process with
+   `Process.run`, `Process.runSync`, or `Process.start` would first search the
+   current directory before searching `PATH` (Issue [37101][]). This behavior
+   effectively put the current working directory in the front of `PATH`, even if
+   it wasn't in the `PATH`. This release changes that behavior to only searching
+   the directories in the `PATH` environment variable. Operating systems other
+   than Linux and Android didn't have this behavior and aren't affected by this
+   vulnerability.
+
+   This vulnerability could result in execution of untrusted code if a command
+   without a slash in its name was run inside an untrusted directory containing
+   an executable file with that name:
+
+   ```dart
+   Process.run("ls", workingDirectory: "/untrusted/directory")
+   ```
+
+   This would attempt to run `/untrusted/directory/ls` if it existed, even
+   though it is not in the `PATH`. It was always safe to instead use an absolute
+   path or a path containing a slash.
+
+   This vulnerability was introduced in Dart 2.0.0.
+
+[37101]: https://github.com/dart-lang/sdk/issues/37101
+
 ## 2.3.1 - 2019-05-21
 
 This is a patch version release with bug fixes.

diff --git a/tools/VERSION b/tools/VERSION
index 595324e..aa48b1b 100644
--- a/tools/VERSION
+++ b/tools/VERSION

@@ -32,7 +32,7 @@
 CHANNEL be
 MAJOR 2
 MINOR 3
-PATCH 2
+PATCH 3
 PRERELEASE 0
 PRERELEASE_PATCH 0
 ABI_VERSION 5