Add release notes for CSP changes

Signed-off-by: David Mehren <git@herrmehren.de>
David Mehren 2021-06-07 20:07:00 +02:00
parent 52231f688d
commit 0c6482abc5
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3

@ -1,4 +1,12 @@
# Release Notes
## <i class="fa fa-tag"></i> 1.9.0 <i class="fa fa-calendar-o"></i> UNRELEASED
### Security Fixes
- This release removes Google Analytics and Disqus domains from our default Content Security Policy, because
they were repeatedly used to exploit security vulnerabilities.
If you want to continue using Google Analytics or Disqus, you can re-enable them in the config.
See [the docs](https://docs.hedgedoc.org/configuration/#web-security-aspects) for details.
## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11
This release fixes two security issues. We recommend upgrading as soon as possible.
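
Review bot: The new 1.9.0 "Security Fixes" entry tells admins they can re-enable Google Analytics or Disqus "in the config" but never names the settings, and the link only goes to the general "web-security-aspects" section of the docs. Name the relevant config options inline so an operator reading the release notes during an upgrade knows exactly what changed. Since this removes domains from the default Content Security Policy, instances that rely on either integration will see it stop loading after the upgrade; say so explicitly, for example by marking the entry as a change in default behaviour. It would also help to state that re-enabling either option puts those domains back into the policy, so the admin can weigh the trade-off the entry itself gives as the reason for the removal.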