author David Mehren 2021-05-11 21:41:11 +0200
committer GitHub 2021-05-11 21:41:11 +0200
commit 8b374d8c1972db2b09126e8f9cc10384552abf29 (patch)
tree a356ff3d1e5473fa872763300fee1abfd9eb835e /public
parent 01dad5821ee28377ebe640c6c72c3e0bb0d51ea7 (diff)
parent 32e31ac1e3751c47985269890580561cf452c270 (diff)
Merge pull request #1267 from hedgedoc/release/1.8.2
Diffstat (limited to '')
-rw-r--r-- public/docs/release-notes.md 8
1 files changed, 8 insertions, 0 deletions
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md
index ac4bd0bd..1d957b72 100644
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -1,4 +1,12 @@
# Release Notes
+## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11
+
+This release fixes two security issues. We recommend upgrading as soon as possible.
+
+### Security Fixes
+- [CVE-2021-29503: Improper Neutralization of Script-Related HTML Tags in Notes](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-gjg7-4j2h-94fq)
+- Fix a potential XSS-vector in the handling of usernames and profile pictures
+
## <i class="fa fa-tag"></i> 1.8.1 <i class="fa fa-calendar-o"></i> 2021-05-06
### Enhancements
- Speed up `yarn install` in production mode (as performed by `bin/setup`) by marking frontend-only dependencies as dev-dependencies.
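Review bot: The second bullet under `### Security Fixes` ("Fix a potential XSS-vector in the handling of usernames and profile pictures") has no advisory link or identifier, while the CVE-2021-29503 entry directly above it links its GHSA advisory. Suggest linking the advisory or the fixing commit on that bullet as well, and naming the affected versions in the intro sentence, so that an operator reading "We recommend upgrading as soon as possible" can tell from the release notes alone whether their deployment is exposed and what the fix covers.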