diff options
| author | David Mehren | 2021-05-03 22:49:15 +0200 |
|---|---|---|
| committer | GitHub | 2021-05-03 22:49:15 +0200 |
| commit | f48e36d2052bcae56081bee3c281bfc69fe7f70d (patch) | |
| tree | a0bbc5dd84230bb2dcc92a7e297b9ff2cca9f0d4 /public/docs/release-notes.md | |
| parent | 9d08eaec8fe4ec3b62be7a7a116c01557b1e6a11 (diff) | |
| parent | e6d4ac5f9a50b28b9d6e456d7fc343194ab1cbee (diff) | |
Merge pull request #1219 from hedgedoc/release/1.8.0
Diffstat (limited to 'public/docs/release-notes.md')
| -rw-r--r-- | public/docs/release-notes.md | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 4849a029..d3173450 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,12 +1,14 @@ # Release Notes -## <i class="fa fa-tag"></i> 1.8.0-rc1 <i class="fa fa-calendar-o"></i> 2021-04-26 +## <i class="fa fa-tag"></i> 1.8.0 <i class="fa fa-calendar-o"></i> 2021-05-03 -This release fixes a security issue. We recommend upgrading as soon as possible. +This release fixes multiple security issues. We recommend upgrading as soon as possible. **Please note:** This release dropped support for Node 10, which is end-of-life since April 2021. You now need at least Node 12 to run HedgeDoc, but we recommend running [the latest LTS release](https://nodejs.org/en/about/releases/). ### Security Fixes - [CVE-2021-29474: Relative path traversal Attack on note creation](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-p528-555r-pf87) +- [CVE-2021-21306: Underscore ReDoS](https://github.com/markedjs/marked/security/advisories/GHSA-4r62-v4vq-hr96) in the `marked` library + This issue allowed an attacker to hang HedgeDoc by inserting a malicious string into a note. Thanks to Ralph Krimmel for reporting! We also published an advisory for [CVE-2021-29475: PDF export allows arbitrary file reads](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pxxg-px9v-6qf3), which has already been fixed since HedgeDoc 1.6.0. |