diff options
author | David Mehren | 2021-01-15 20:36:43 +0100 |
---|---|---|
committer | David Mehren | 2021-01-15 20:37:30 +0100 |
commit | e9d45873440f45d7c06e7ec043062f06b6a586a5 (patch) | |
tree | ccf9fc2bf9ca884f70de86fc88be5c32f148a10a /public/docs | |
parent | 8af470634a3e4fe9ce087705744a02f5b5a59a6a (diff) |
Bump version to 1.7.2
Signed-off-by: David Mehren <git@herrmehren.de>
Diffstat (limited to 'public/docs')
-rw-r--r-- | public/docs/release-notes.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 598a5c83..a58018c2 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,4 +1,13 @@ # Release Notes +## <i class="fa fa-tag"></i> 1.7.2 <i class="fa fa-calendar-o"></i> 2021-01-15 +This release fixes a security issue. We recommend upgrading as soon as possible. +### Security Fixes +- [CVE-2021-21259: Stored XSS in slide mode](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-44w9-vm8p-3cxw) + An attacker can inject arbitrary JavaScript into a HedgeDoc note. + +### Bugfixes +- Ensure the last line of the markdown editor is not covered by the status bar (thanks to [@mhdrone](https://github.com/mhdrone) for reporting!) + ## <i class="fa fa-tag"></i> 1.7.1 <i class="fa fa-calendar-o"></i> 2020-12-27 This release fixes two security issues. We recommend upgrading as soon as possible. ### Security Fixes |