Mention v2.2.4 fix in v4.0.1 changelog entry

ether · May 5, 2022 · 32c9098 · 32c9098
1 parent 5447f9e
commit 32c9098
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Notable Changes
 
+## v4.0.1
+
+Security fix:
+
+  * `getSub()` now returns `null` when it encounters a non-"own" property
+    (including `__proto__`) or any non-object while walking the given property
+    path. This should make it easier to avoid accidental prototype pollution
+    vulnerabilities.
+
 ## v4.0.0
 
 Compatibility changes: