From 7d2c433b1bb1ec31ccabfdba148d414b3c4cf711 Mon Sep 17 00:00:00 2001 From: David Mehren Date: Sun, 27 Dec 2020 20:53:39 +0100 Subject: Bump version to 1.7.1 Signed-off-by: David Mehren --- public/docs/release-notes.md | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'public/docs') diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md index 6d31b8ff..9b2effde 100644 --- a/public/docs/release-notes.md +++ b/public/docs/release-notes.md @@ -1,4 +1,12 @@ # Release Notes +## 1.7.1 2020-12-27 +This release fixes two security issues. We recommend upgrading as soon as possible. +### Security Fixes +- [CVE-2020-26286: Arbitrary file upload](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-wcr3-xhv7-8gxc) + An unauthenticated attacker can upload arbitrary files to the upload storage backend. +- [CVE-2020-26287: Stored XSS in mermaid diagrams](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-g6w6-7xf9-m95p) + An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams. + ## 1.7.0 2020-12-21 -- cgit v1.2.3