Merge pull request from GHSA-6367-mm8f-96gr

Escape Excel Output
GhostManager · Jun 13, 2023 · 195530a · 195530a
2 parents 1b91289 + e03d921
commit 195530a
Show file tree

Hide file tree

Showing 5 changed files with 125 additions and 103 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased] - 1 June 2023
+## [3.2.9] - 13 June 2023
+
+### Added
+
+* Added CVSS and tags to the finding rows in the Excel workbook report (xlsx)
 
 ### Changed
 
@@ -14,6 +18,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 * The linter will now recognize the `id` value on findings as valid
 
+### Security
+
+* Added checks to escape potential formulas in Excel workbooks
+  * Please see security advisory for details: [https://github.com/GhostManager/Ghostwriter/security/advisories/GHSA-6367-mm8f-96gr](https://github.com/GhostManager/Ghostwriter/security/advisories/GHSA-6367-mm8f-96gr)
+
 ## [3.2.8] - 24 May 2023
 
 ### Added

diff --git a/VERSION b/VERSION
@@ -1,2 +1,2 @@
-v3.2.8
-24 May 2023
+v3.2.9
+13 June 2023
diff --git a/config/settings/base.py b/config/settings/base.py
@@ -11,9 +11,9 @@
 # 3rd Party Libraries
 import environ
 
-__version__ = "3.2.8"
+__version__ = "3.2.9"
 VERSION = __version__
-RELEASE_DATE = "24 May 2023"
+RELEASE_DATE = "13 June 2023"
 
 ROOT_DIR = Path(__file__).resolve(strict=True).parent.parent.parent
 APPS_DIR = ROOT_DIR / "ghostwriter"