diff --git a/CHANGELOG.md b/CHANGELOG.md
index fec4e9ed8e..47192ee9f1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,43 @@
+#### v4.6.3 (2025-11-20)
+
+##### Chores
+
+* incrementing version number - v4.6.2 (f98747db)
+* update changelog for v4.6.2 (8da3819c)
+* incrementing version number - v4.6.1 (f47aa678)
+* incrementing version number - v4.6.0 (ee395bc5)
+* incrementing version number - v4.5.2 (ad2da639)
+* incrementing version number - v4.5.1 (69f4b61f)
+* incrementing version number - v4.5.0 (f05c5d06)
+* incrementing version number - v4.4.6 (074043ad)
+* incrementing version number - v4.4.5 (6f106923)
+* incrementing version number - v4.4.4 (d323af44)
+* incrementing version number - v4.4.3 (d354c2eb)
+* incrementing version number - v4.4.2 (55c510ae)
+* incrementing version number - v4.4.1 (5ae79b4e)
+* incrementing version number - v4.4.0 (0a75eee3)
+* incrementing version number - v4.3.2 (b92b5d80)
+* incrementing version number - v4.3.1 (308e6b9f)
+* incrementing version number - v4.3.0 (bff291db)
+* incrementing version number - v4.2.2 (17fecc24)
+* incrementing version number - v4.2.1 (852a270c)
+* incrementing version number - v4.2.0 (87581958)
+* incrementing version number - v4.1.1 (b2afbb16)
+* incrementing version number - v4.1.0 (36c80850)
+* incrementing version number - v4.0.6 (4a52fb2e)
+* incrementing version number - v4.0.5 (1792a62b)
+* incrementing version number - v4.0.4 (b1125cce)
+* incrementing version number - v4.0.3 (2b65c735)
+* incrementing version number - v4.0.2 (73fe5fcf)
+* incrementing version number - v4.0.1 (a461b758)
+* incrementing version number - v4.0.0 (c1eaee45)
+
+##### Bug Fixes
+
+* update validator dep. to get fix for CVE-2025-56200 (af477d0c)
+* missing logic in mocks.notes.private that precluded the use of emoji (76a07d59)
+* tiny fix for IS when page is empty (12dab849)
+
 #### v4.6.2 (2025-11-19)
 
 ##### Chores
diff --git a/install/package.json b/install/package.json
index 8a9138cc47..92ab2cd6fb 100644
--- a/install/package.json
+++ b/install/package.json
@@ -2,7 +2,7 @@
 "name": "nodebb",
 "license": "GPL-3.0",
 "description": "NodeBB Forum",
- "version": "4.6.2",
+ "version": "4.6.3",
 "homepage": "https://www.nodebb.org",
 "repository": {
 "type": "git",
diff --git a/test/user/custom-fields.js b/test/user/custom-fields.js
index df4feb2432..8a637f49a2 100644
--- a/test/user/custom-fields.js
+++ b/test/user/custom-fields.js
@@ -88,6 +88,14 @@ describe('custom user fields', () => {
 { message: '[[error:custom-user-field-invalid-link, Website]]' },
 );
 
+ await assert.rejects(
+ user.updateProfile(highRepUid, {
+ uid: highRepUid,
+ website: 'javascript:alert("xss")',
+ }),
+ { message: '[[error:custom-user-field-invalid-link, Website]]' },
+ );
+
 await assert.rejects(
 user.updateProfile(highRepUid, {
 uid: highRepUid,
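Review bot: The new `assert.rejects` case for `website` pins a single spelling of a script-scheme link (`'javascript:alert("xss")'`, lowercase, no padding), so a later change that refuses only that exact form would still pass. Neither the link check nor the `validator` bump named in the changelog appears in this diff, which makes this test the only visible guard. Consider driving the same assertion from a short list of values the field must refuse, such as a mixed-case scheme, leading whitespace, or a non-web scheme like `data:`; whether those are meant to be refused cannot be confirmed from here. A one-line comment above the case, e.g. `// regression: script-scheme links must be rejected as invalid (CHANGELOG v4.6.3, CVE-2025-56200)`, would tie it to the release note, assuming that is what it guards. The enclosing test body starts and ends outside the hunk.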