From e3b0aa0c502aad251c1b79d1ee973dcd93711f07 Mon Sep 17 00:00:00 2001
From: Andy Miller <rhuk@mac.com>
Date: Tue, 22 Aug 2023 11:57:13 +0100
Subject: [PATCH] inlcude phar in dangerous extensions

---
 CHANGELOG.md                | 6 ++++++
 system/config/security.yaml | 1 +
 2 files changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7fc0d214c..b8578a1148 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# v1.7.42.4
+## mm/dd/2023
+
+2. [](#improved)
+   * Include `phar` in the list of `security.uploads_dangerous_extensions`
+
 # v1.7.42.3
 ## 07/18/2023
 
diff --git a/system/config/security.yaml b/system/config/security.yaml
index 2cc815fb5b..54c7fc5225 100644
--- a/system/config/security.yaml
+++ b/system/config/security.yaml
@@ -32,6 +32,7 @@ xss_dangerous_tags:
     - base
 uploads_dangerous_extensions:
     - php
+    - phar
     - html
     - htm
     - js