github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-04-12 20:05:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

Bump version to 1.7.1

Browse source 
Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2020-12-27 20:53:39 +01:00
parent 591f0c10f0
commit 7d2c433b1b
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
3 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/dev/openapi.yml
View file

@ -3,7 +3,7 @@ openapi: 3.0.1
info:
title: HedgeDoc
description: HedgeDoc is an open source collaborative note editor. Several tasks of HedgeDoc can be automated through this API.
version: 1.7.0
version: 1.7.1
contact:
name: HedgeDoc on GitHub
url: https://github.com/hedgedoc/hedgedoc

2
package.json
View file

@ -1,6 +1,6 @@
{
"name": "HedgeDoc",
"version": "1.7.0",
"version": "1.7.1",
"description": "The best platform to write and share markdown.",
"main": "app.js",
"license": "AGPL-3.0",

8
public/docs/release-notes.md
View file

@ -1,4 +1,12 @@
# Release Notes
## <i class="fa fa-tag"></i> 1.7.1 <i class="fa fa-calendar-o"></i> 2020-12-27
This release fixes two security issues. We recommend upgrading as soon as possible.
### Security Fixes
- [CVE-2020-26286: Arbitrary file upload](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-wcr3-xhv7-8gxc)
An unauthenticated attacker can upload arbitrary files to the upload storage backend.
- [CVE-2020-26287: Stored XSS in mermaid diagrams](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-g6w6-7xf9-m95p)
An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams.
## <i class="fa fa-tag"></i> 1.7.0 <i class="fa fa-calendar-o"></i> 2020-12-21