From f428aa9af8534b214abb09fe4456653eb09913e7 Mon Sep 17 00:00:00 2001
From: sapphi-red <49056869+sapphi-red@users.noreply.github.com>
Date: Mon, 20 Jan 2025 18:30:20 +0900
Subject: [PATCH] release: v5.4.12

---
 packages/vite/CHANGELOG.md | 9 +++++++++
 packages/vite/package.json | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/packages/vite/CHANGELOG.md b/packages/vite/CHANGELOG.md
index b14d45d822dce1..fafd27ff0c54c3 100644
--- a/packages/vite/CHANGELOG.md
+++ b/packages/vite/CHANGELOG.md
@@ -1,3 +1,12 @@
+## <small>5.4.12 (2025-01-20)</small>
+
+* fix!: check host header to prevent DNS rebinding attacks and introduce `server.allowedHosts` ([9da4abc](https://github.com/vitejs/vite/commit/9da4abc8dde7f032ca1f23f425c2060b9b9ebd34))
+* fix!: default `server.cors: false` to disallow fetching from untrusted origins ([dfea38f](https://github.com/vitejs/vite/commit/dfea38f1ff9f6fc0f0ca57927c527b0b9ffd2210))
+* fix: verify token for HMR WebSocket connection ([b71a5c8](https://github.com/vitejs/vite/commit/b71a5c89a1b4b913813ae665e6e04dd9d18c189c))
+* chore: add deps update changelog ([ecd2375](https://github.com/vitejs/vite/commit/ecd2375460edb4ae258fed4abe6c6f6ed7323b23))
+
+
+
 ## <small>5.4.11 (2024-11-11)</small>
 
 * fix(deps): update dependencies of postcss-modules ([ceb15db](https://github.com/vitejs/vite/commit/ceb15db613d107e29f7cc1d441364f7b5c831ed3)), closes [#18617](https://github.com/vitejs/vite/issues/18617)
diff --git a/packages/vite/package.json b/packages/vite/package.json
index d1e1d9066a0410..dfa98d96b0ccae 100644
--- a/packages/vite/package.json
+++ b/packages/vite/package.json
@@ -1,6 +1,6 @@
 {
   "name": "vite",
-  "version": "5.4.11",
+  "version": "5.4.12",
   "type": "module",
   "license": "MIT",
   "author": "Evan You",