From 5ca6fb31613f9886a448e458b93cd993a8b7cd0b Mon Sep 17 00:00:00 2001 From: "Gavin Barron (from Dev Box)" Date: Wed, 8 Jul 2026 12:56:45 -0700 Subject: [PATCH] - bumps version for release of 1.34.0 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bcffaba032..fa0370342d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed +## [1.34.0] - 2026-07-08 + +### Added + +### Changed + - Fixed a path traversal vulnerability where workspace consumer identifiers (`clientName`/`pluginName`) and workspace configuration keys were used as filesystem path components without containment validation, allowing a crafted name (e.g. `junk/../Victim`) to overwrite another consumer's cached OpenAPI description. [#7919](https://github.com/microsoft/kiota/issues/7919) ## [1.33.0] - 2026-07-06