1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-25 05:22:59 +00:00

Update changelog

This commit is contained in:
Starbeamrainbowlabs 2021-09-21 14:10:02 +01:00
parent 7b6cbbe821
commit 978da55e00
Signed by: sbrl
GPG key ID: 1BE5172E637709C2

View file

@ -7,6 +7,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
### Fixed ### Fixed
- [security] Fixed an XSS vulnerability in the `format` GET parameter of the `stats` action (thanks, @JamieSlome) - [security] Fixed an XSS vulnerability in the `format` GET parameter of the `stats` action (thanks, @JamieSlome)
- [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) - [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
- [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to [this answer](https://stackoverflow.com/a/68505306/1460422) even Inkscape doesn't strip all Javascript when asked to)
## v0.23 ## v0.23