github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-25 03:06:31 -05:00
Code Issues Projects Releases Packages Wiki Activity

Fix 1.8.0 changelog

Browse source 
CVE-2021-29475 has been fixed since
HedgeDoc 1.5.0, instead of 1.6.0

Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-05-06 20:48:30 +02:00
parent d9604ce134
commit 2c12feb127
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
public/docs/release-notes.md
View file

@ -11,7 +11,7 @@ This release fixes multiple security issues. We recommend upgrading as soon as p
This issue allowed an attacker to hang HedgeDoc by inserting a malicious string into a note. Thanks to Ralph Krimmel for reporting!
We also published an advisory for [CVE-2021-29475: PDF export allows arbitrary file reads](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-pxxg-px9v-6qf3),
which has already been fixed since HedgeDoc 1.6.0.
which has already been fixed since HedgeDoc 1.5.0.
### Features
- Database migrations are now automatically applied on application startup