Etusivu Tutki Apua
Kirjaudu sisään
mirrors
/
wekan
peilaus alkaen https://github.com/wekan/wekan.git
2
0
Haarauta 0
Tiedostot Esitykset 0 Wiki
Selaa lähdekoodia

Update ChangeLog.

Lauri Ojansivu 5 vuotta sitten
vanhempi
482682e500
sitoutus
ec71849d84
1 muutettua tiedostoa jossa 11 lisäystä ja 3 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 11 3
      CHANGELOG.md

+ 11 - 3
CHANGELOG.md
Näytä tiedosto 

@@ -1,8 +1,16 @@
 
 # Upcoming Wekan release
 
 
-This release fixes the following bugs:
 
-
 
-- 
+This release fixes the following SECURITY VULNERABLITIES:
 
+
 
+- [Fix XSS bug reported today 4 hours ago by Cyb3rjunky](https://github.com/wekan/wekan/commit/482682e50079d70c5113169020d6834013b57c11).
 
+  Logged in users could run javascript in input fields.
 
+  This affects Wekan versions v3.12-v3.84.
 
+  In [Wekan v3.12](https://github.com/wekan/wekan/blob/master/CHANGELOG.md#v312-2019-08-09-wekan-release)
 
+  there was [changes for XSS filter to allow inserting images, videos etc
 
+  on comment WYSIWYG editor](https://github.com/wekan/wekan/pull/2593)
 
+  so features related to that are now removed.
 
+  After this fix, Javascript in input fields is not executed.
 
+  Thanks to Cyb3rjunky and xet7.
 
 
 Thanks to above GitHub users for their contributions and translators for their translations.