author | Leif Åstrand <leif@vaadin.com> | 2014-12-17 16:00:47 +0200 |
---|---|---|
committer | Leif Åstrand <leif@vaadin.com> | 2014-12-17 16:00:47 +0200 |
commit | 2dc2955eef14d9fcb4a03035a84000ae001f5dad (patch) | |
tree | 19b6465580cc22bd59bff36717b4368394dae490 | |
parent | 3e1ab9ec5de08f21031a41363924c2e692a46f8f (diff) | |
download | vaadin-framework-2dc2955eef14d9fcb4a03035a84000ae001f5dad.tar.gz vaadin-framework-2dc2955eef14d9fcb4a03035a84000ae001f5dad.zip |
Update release notes for 7.3.7
-rw-r--r-- | WebContent/release-notes.html | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html index 0347da0ce5..2719d69678 100644 --- a/WebContent/release-notes.html +++ b/WebContent/release-notes.html @@ -41,6 +41,7 @@ <ul> <li><a href="#overview">Overview of Vaadin @version@ Release</a></li> + <li><a href="#security-fixes">Security fixes</a></li> <li><a href="#changelog">Change log for Vaadin @version@</a></li> <li><a href="#enhancements">Enhancements in Vaadin @@ -68,10 +69,22 @@ <p> Vaadin @version@ is a maintenance release that includes a - number of new features and bug fixes, as listed in the <a - href="#enhancements">list of enhancements</a> and <a - href="#changelog">change log</a> below. + number of bug fixes, as listed in the <a href="#changelog"> + change log</a> below. </p> + + <h3 id="security-fixes">Security fixes in Vaadin Framework 7.3.7</h3> + + <p> + Vaadin 7.3.7 fixes an important security issue. + </p> + <p><b>Portlet error messages</b></p> + <p> + Proper escaping of HTML in portlet error messages was not ensured, + making a reflected cross-site scripting attack possible through + VaadinPortlet by making the user load a URL designed to include + an error message crafted by the attacker. + </p> <!-- ================================================================ --> <h3 id="changelog">Change log for Vaadin @version@</h3> |
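Review bot: In the first hunk (table of contents, line 44), the new entry's link text is just "Security fixes", while the sibling entries in the same list name the release ("Overview of Vaadin @version@ Release", "Change log for Vaadin @version@") and the target heading added later reads "Security fixes in Vaadin Framework 7.3.7". Consider "Security fixes in Vaadin @version@" so the link text matches both its neighbours and the heading it points to.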
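Review bot: In the second hunk, the new security section hardcodes the release in the heading ("Security fixes in Vaadin Framework 7.3.7") and in its first paragraph ("Vaadin 7.3.7 fixes an important security issue"), while the overview paragraph and change log heading in the same hunk use the @version@ placeholder. If this file is reused as the template for the next release, the block would appear unchanged under a different version's notes, so either switch to @version@ or add an HTML comment marking the section for removal after 7.3.7. The "Portlet error messages" paragraph also gives no affected version range and no ticket or advisory reference, so a reader running VaadinPortlet cannot tell from the notes alone whether their deployment is exposed; stating which earlier releases lack the escaping and that upgrading is the fix would make the notice actionable.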