From f8b32e717ea6b50ce86e181d7066e0d5f8b18361 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Thu, 9 Jul 2026 12:35:18 +0200 Subject: [PATCH] docs: include security fix in 1.20.6 changes Ref: https://github.com/expressjs/body-parser/security/advisories/GHSA-v422-hmwv-36x6 --- HISTORY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/HISTORY.md b/HISTORY.md index 397213a8..c623311f 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,6 @@ 1.20.6 / 2026-07-09 =================== +* Security fix for [GHSA-v422-hmwv-36x6](https://github.com/expressjs/body-parser/security/advisories/GHSA-v422-hmwv-36x6) * fix: improve `limit` option validation (#698) * Invalid `limit` values (e.g. unparseable strings or `NaN`) now throw instead of being silently ignored, which previously disabled size limit enforcement * `null` and `undefined` fall back to the default 100kb limit