diff options
author | David Mehren | 2020-12-27 20:53:39 +0100 |
---|---|---|
committer | David Mehren | 2020-12-27 20:54:39 +0100 |
commit | 7d2c433b1bb1ec31ccabfdba148d414b3c4cf711 (patch) | |
tree | 4e80471a8797bf9334c3065d5e306fae31fe2a3a | |
parent | 591f0c10f0efdac46ba7455a554b024fb0fa84e8 (diff) |
Bump version to 1.7.1
Signed-off-by: David Mehren <git@herrmehren.de>
Diffstat (limited to '')
-rw-r--r-- | docs/dev/openapi.yml | 2 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | public/docs/release-notes.md | 8 |
3 files changed, 10 insertions, 2 deletions
diff --git a/docs/dev/openapi.yml b/docs/dev/openapi.yml index 8bb7f255..c5de475c 100644 --- a/docs/dev/openapi.yml +++ b/docs/dev/openapi.yml @@ -3,7 +3,7 @@ openapi: 3.0.1 info: title: HedgeDoc description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API. - version: 1.7.0 + version: 1.7.1 contact: name: HedgeDoc on GitHub url: https://github.com/hedgedoc/hedgedoc diff --git a/package.json b/package.json index ae234182..3e8046bb 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "HedgeDoc", - "version": "1.7.0", + "version": "1.7.1", "description": "The best platform to write and share markdown.", "main": "app.js", "license": "AGPL-3.0", diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 6d31b8ff..9b2effde 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,4 +1,12 @@ # Release Notes +## <i class="fa fa-tag"></i> 1.7.1 <i class="fa fa-calendar-o"></i> 2020-12-27 +This release fixes two security issues. We recommend upgrading as soon as possible. +### Security Fixes +- [CVE-2020-26286: Arbitrary file upload](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-wcr3-xhv7-8gxc) + An unauthenticated attacker can upload arbitrary files to the upload storage backend. +- [CVE-2020-26287: Stored XSS in mermaid diagrams](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-g6w6-7xf9-m95p) + An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams. + ## <i class="fa fa-tag"></i> 1.7.0 <i class="fa fa-calendar-o"></i> 2020-12-21 |