Update blog post for CVE-2023-46131

grails · Jan 29, 2024 · 030cdd7 · 030cdd7
1 parent 7f2bac5
commit 030cdd7
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/posts/2023-12-20-cve-data-binding-dos.md b/posts/2023-12-20-cve-data-binding-dos.md
@@ -29,9 +29,12 @@ Most Grails framework applications are susceptible, from Grails version 2.x and
 
 The Grails Team recommends that all Grails framework applications upgrade to a patched version of the framework. Patches are available for Grails in these versions:
   * [6.1.0](https://github.com/grails/grails-core/releases/tag/v6.1.0)
-  * [5.3.5](https://github.com/grails/grails-core/releases/tag/v5.3.5)
-  * [4.1.3](https://github.com/grails/grails-core/releases/tag/v4.1.3)
-  * [3.3.17](https://github.com/grails/grails-core/releases/tag/v3.3.17)
+  * [5.3.6](https://github.com/grails/grails-core/releases/tag/v5.3.6)
+  * [4.1.4](https://github.com/grails/grails-core/releases/tag/v4.1.4)
+  * [3.3.18](https://github.com/grails/grails-core/releases/tag/v3.3.18)
+
+(**2024 Jan 29 Update:** An earlier revision of this blog post recommended release versions that patched the vulnerability but unfortunately introduced an unrelated defect.
+This defect has been fixed, and the recommended versions above reflect the patched, fixed releases.)
 
 The best way to protect your application is to upgrade to a patched release.