From e0e04220109920575179a8f924543449c6de0706 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs
Date: Mon, 24 Jan 2022 19:18:40 +0100
Subject: [PATCH] Upates for new release
---
 SECURITY.md | 3 +++
 cps/constants.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/SECURITY.md b/SECURITY.md
index c6f866073..3e5a965dd 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -29,6 +29,9 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
 | V 0.6.15 | Cross-Site Scripting vulnerability on uploaded cover file names. Thanks to @ibarrionuevo ||
 | V 0.6.15 | Creating public shelfs is now denied if user is missing the edit public shelf right. Thanks to @ibarrionuevo ||
 | V 0.6.15 | Changed error message in case of trying to delete a shelf unauthorized. Thanks to @ibarrionuevo ||
+| V 0.6.16 | JavaScript could get executed on authors page. Thanks to @alicaz ||
+| V 0.6.16 | Localhost can no longer be used to upload covers. Thanks to @scara31 ||
+| V 0.6.16 | Another case where public shelfs could be created without permission is prevented. Thanks to @ibarrionuevo ||
 ## Staement regarding Log4j (CVE-2021-44228 and related)
diff --git a/cps/constants.py b/cps/constants.py
index 7fb973fc3..281517cc4 100644
--- a/cps/constants.py
+++ b/cps/constants.py
@@ -151,7 +151,7 @@ def selected_roles(dictionary):
 BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, ' 'series_id, languages, publisher')
-STABLE_VERSION = {'version': '0.6.16 Beta'}
+STABLE_VERSION = {'version': '0.6.16'}
 NIGHTLY_VERSION = {}
 NIGHTLY_VERSION[0] = '$Format:%H$'