diff options
| author | David Mehren | 2021-05-11 19:42:57 +0200 |
|---|---|---|
| committer | David Mehren | 2021-05-11 21:28:10 +0200 |
| commit | 81d73b2db9e0d9bc938e242bb57bd45d948ce4f4 (patch) | |
| tree | 346606f309a3c8db41e31a4f2702b23f3cb786f3 | |
| parent | 01dad5821ee28377ebe640c6c72c3e0bb0d51ea7 (diff) | |
Add release notes for 1.8.2
Signed-off-by: David Mehren <git@herrmehren.de>
| -rw-r--r-- | public/docs/release-notes.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index ac4bd0bd..1d957b72 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,4 +1,12 @@ # Release Notes +## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11 + +This release fixes two security issues. We recommend upgrading as soon as possible. + +### Security Fixes +- [CVE-2021-29503: Improper Neutralization of Script-Related HTML Tags in Notes](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq) +- Fix a potential XSS-vector in the handling of usernames and profile pictures + ## <i class="fa fa-tag"></i> 1.8.1 <i class="fa fa-calendar-o"></i> 2021-05-06 ### Enhancements - Speed up `yarn install` in production mode (as performed by `bin/setup`) by marking frontend-only dependencies as dev-dependencies. |