From 6611a1e8d255ec73d03690e96496e4f79da3cb19 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Jul 27 2016 07:31:19 +0000
Subject: Release 2.3.4
---
diff --git a/UPGRADING.rst b/UPGRADING.rst
index 697460b..3ebb508 100644
--- a/UPGRADING.rst
+++ b/UPGRADING.rst
@@ -1,6 +1,15 @@
 Upgrading Pagure
 ================
+
+2.3.4
+-----
+
+Release 2.3.4 contains an important security fix, blocking a source of XSS
+attack. (CVE-2016-1000037)
+
+
+
 From 2.2 to 2.3
 ---------------
diff --git a/doc/contributors.rst b/doc/contributors.rst
index e0e5ed8..309e530 100644
--- a/doc/contributors.rst
+++ b/doc/contributors.rst
@@ -3,12 +3,12 @@ Contributors to pagure
 Pagure would be nothing without its contributors.
-On July 15, 2016 (release 2.3.3), the list looks as follow:
+On July 27, 2016 (release 2.3.4), the list looks as follow:
 ================= ===========
 Number of commits Contributor
 ================= ===========
- 4105 Pierre-Yves Chibon
+ 4107 Pierre-Yves Chibon
 174 Ryan Lerch
 61 farhaanbukhsh
 59 Johan Cwiklinski
diff --git a/files/pagure.spec b/files/pagure.spec
index 5a75a9d..6ece2f8 100644
--- a/files/pagure.spec
+++ b/files/pagure.spec
@@ -2,7 +2,7 @@ %distutils.sysconfig import get_python_lib; print (get_python_lib())")}
 Name: pagure
-Version: 2.3.3
+Version: 2.3.4
 Release: 1%{?dist}
 Summary: A git-centered forge
@@ -259,6 +259,12 @@ install -m 644 webhook-server/pagure_webhook.service \
 %changelog
+* Wed Jul 27 2016 Pierre-Yves Chibon - 2.3.4-1
+- Update to 2.3.4
+- Security fix release blocking all html related mimetype when displaying the
+ raw files in issues and forces the browser to download them instead (Thanks to
+ Patrick Uiterwijk for finding this issue) - CVE: CVE-2016-1000037
+
 * Fri Jul 15 2016 Pierre-Yves Chibon - 2.3.3-1
 - Update to 2.3.3
 - Fix redering the release page when the tag message contain only spaces (Vivek
diff --git a/pagure/__init__.py b/pagure/__init__.py
index 312ef6a..019c83b 100644
--- a/pagure/__init__.py
+++ b/pagure/__init__.py
@@ -12,7 +12,7 @@ __requires__ = ['SQLAlchemy >= 0.8', 'jinja2 >= 2.4']
 import pkg_resources
-__version__ = '2.3.3'
+__version__ = '2.3.4'
 __api_version__ = '0.7'