[release] Prepare changelog and version file for 2.3.2 and 2.3.3-dev.0.0

tangaowei · Jun 11, 2019 · a4f7bad · a4f7bad
1 parent 3972f73
commit a4f7bad
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,34 +1,7 @@
-## 2.3.2-dev.XX.0
+## 2.3.3-dev.XX.0
 (Add new changes here, and they will be copied to the change section for the
  next dev version)
 
-### Security vulnerability
-
-*  **Security improvement:** On Linux and Android, starting a process with
-   `Process.run`, `Process.runSync`, or `Process.start` would first search the
-   current directory before searching `PATH` (Issue [37101][]). This behavior
-   effectively put the current working directory in the front of `PATH`, even if
-   it wasn't in the `PATH`. This release changes that behavior to only searching
-   the directories in the `PATH` environment variable. Operating systems other
-   than Linux and Android didn't have this behavior and aren't affected by this
-   vulnerability.
-
-   This vulnerability could result in execution of untrusted code if a command
-   without a slash in its name was run inside an untrusted directory containing
-   an executable file with that name:
-
-   ```dart
-   Process.run("ls", workingDirectory: "/untrusted/directory")
-   ```
-
-   This would attempt to run `/untrusted/directory/ls` if it existed, even
-   though it is not in the `PATH`. It was always safe to instead use an absolute
-   path or a path containing a slash.
-
-   This vulnerability was introduced in Dart 2.0.0.
-
-[37101]: https://github.com/dart-lang/sdk/issues/37101
-
 ### Core libraries
 
 #### `dart:isolate`
@@ -171,6 +144,37 @@ Updated the linter to `0.1.89`, which includes the following changes:
 * **Breaking change:** The `await for` allowed `null` as a stream due to a bug
   in `StreamIterator` class. This bug has now been fixed.
 
+## 2.3.2 - 2019-06-11
+
+This is a patch version release with a security improvement.
+
+### Security vulnerability
+
+*  **Security improvement:** On Linux and Android, starting a process with
+   `Process.run`, `Process.runSync`, or `Process.start` would first search the
+   current directory before searching `PATH` (Issue [37101][]). This behavior
+   effectively put the current working directory in the front of `PATH`, even if
+   it wasn't in the `PATH`. This release changes that behavior to only searching
+   the directories in the `PATH` environment variable. Operating systems other
+   than Linux and Android didn't have this behavior and aren't affected by this
+   vulnerability.
+
+   This vulnerability could result in execution of untrusted code if a command
+   without a slash in its name was run inside an untrusted directory containing
+   an executable file with that name:
+
+   ```dart
+   Process.run("ls", workingDirectory: "/untrusted/directory")
+   ```
+
+   This would attempt to run `/untrusted/directory/ls` if it existed, even
+   though it is not in the `PATH`. It was always safe to instead use an absolute
+   path or a path containing a slash.
+
+   This vulnerability was introduced in Dart 2.0.0.
+
+[37101]: https://github.com/dart-lang/sdk/issues/37101
+
 ## 2.3.1 - 2019-05-21
 
 This is a patch version release with bug fixes.

diff --git a/tools/VERSION b/tools/VERSION
@@ -32,7 +32,7 @@
 CHANNEL be
 MAJOR 2
 MINOR 3
-PATCH 2
+PATCH 3
 PRERELEASE 0
 PRERELEASE_PATCH 0
 ABI_VERSION 5