Added information related to CVE-2016-3092.
git-svn-id: https://svn.apache.org/repos/asf/commons/proper/fileupload/trunk@1749636 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 7c51c16..e9afa1b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -65,6 +65,15 @@
</action>
</release>
+ <release version="1.3.2" description=
+"This is a security and maintenance release that includes an important security
+fix as well. Compared to 1.3.1, no other changes have been made." date="2014-02-07">
+ <action dev="jochen" type="fix">
+ SECURITY - CVE-2016-3092. Specially crafted input can trigger a DoS, if the
+ size of the MIME boundard is close to the size of the buffer in MultipartStream.
+ (Similar to CVE-2014-0050.)
+ </action>
+ </release>
<release version="1.3.1" description=
"This is a security and maintenance release that includes an important security
fix as well as a small number of bugfixes." date="2014-02-07">