github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-04-20 16:24:44 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add new CSP config options to release notes

Browse source 
Signed-off-by: David Mehren <git@herrmehren.de>
This commit is contained in:
David Mehren 2021-08-06 13:37:37 +02:00
parent 6c722f0ad6
commit 832f3522b3
No known key found for this signature in database
GPG key ID: 185982BA4C42B7C3
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
public/docs/release-notes.md
View file

@ -8,6 +8,11 @@
### Features
- HedgeDoc now automatically retries connecting to the database up to 30 times on startup.
- This release introduces the `csp.allowFraming` config option, which controls whether embedding a HedgeDoc instance
in other webpages is allowed. We **strongly recommend disabling** this option to reduce the risk of XSS attacks.
- This release introduces the `csp.allowPDFEmbed` config option, which controls whether embedding PDFs inside HedgeDoc
notes is allowed. We recommend disabling this option if you don't use the feature, to reduce the attack surface of
XSS attacks.
### Bugfixes
- Fix crash when trying to read the current Git commit on startup