diff options
Diffstat (limited to '')
| -rw-r--r-- | public/docs/release-notes.md | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 6d31b8ff..598a5c83 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,4 +1,12 @@ # Release Notes +## <i class="fa fa-tag"></i> 1.7.1 <i class="fa fa-calendar-o"></i> 2020-12-27 +This release fixes two security issues. We recommend upgrading as soon as possible. +### Security Fixes +- [CVE-2020-26286: Arbitrary file upload](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-wcr3-xhv7-8gxc) + An unauthenticated attacker can upload arbitrary files to the upload storage backend. +- [CVE-2020-26287: Stored XSS in mermaid diagrams](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-g6w6-7xf9-m95p) + An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams. + ## <i class="fa fa-tag"></i> 1.7.0 <i class="fa fa-calendar-o"></i> 2020-12-21 @@ -46,7 +54,7 @@ otherwise you will encounter login-issues. - Butterflyoffire (translator) - civic john (translator) - [Daniel Lublin](https://github.com/quite) -- [Davod Mehren](github.com/davidmehren) +- [David Mehren](github.com/davidmehren) - [david-sawatzke](https://github.com/david-sawatzke) - deluxghost (translator) - [Dexter Chua](https://github.com/dalcde) |