path: root/WebContent/release-notes.html
author: Henrik Paul <henrik@vaadin.com> 2014-03-03 11:46:35 +0200
committer: John Ahlroos <john@vaadin.com> 2014-03-03 09:56:47 +0000
commit: 3798a8ab782d5e68b269692bbb784069b9312122 (patch)
tree: 248e2d6317f11a6906c2c13161609c118ffff8c4 /WebContent/release-notes.html
parent: 54b448d018922f6315bb756c24c6ce7feff6e14d (diff)
parent: 6b7ad587042d2c98c2133c93382fb5ea8cdded8c (diff)
download: vaadin-framework-3798a8ab782d5e68b269692bbb784069b9312122.tar.gz
vaadin-framework-3798a8ab782d5e68b269692bbb784069b9312122.zip
Merge branch 'master' into grid
Change-Id: I2f1134ce1bd5e8dbb183881fc69120e964271245
Diffstat (limited to 'WebContent/release-notes.html')
-rw-r--r-- WebContent/release-notes.html | 40
1 files changed, 39 insertions, 1 deletions
diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html
index a11e526c3f..c7e7558e6a 100644
--- a/WebContent/release-notes.html
+++ b/WebContent/release-notes.html
@@ -41,6 +41,7 @@
<ul>
<li><a href="#overview">Overview of Vaadin
@version@ Release</a></li>
+ <li><a href="#security-fixes">Security fixes</a></li>
<li><a href="#changelog">Change log for Vaadin
@version@</a></li>
<li><a href="#enhancements">Enhancements in Vaadin
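Review bot: the new table-of-contents entry reads just "Security fixes" while its siblings are phrased "Overview of Vaadin @version@ Release" and "Change log for Vaadin @version@", so the list is uneven and, because the target heading below is tied to a specific release (7.1.11), the link text gives no hint of that; consider "Security fixes in Vaadin @version@" or "Security fixes in Vaadin Framework 7.1.11" so the entry matches both its neighbours and the heading it points to.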
@@ -75,7 +76,44 @@
href="http://vaadin.com/download/release/@version-minor@/@version-minor@.0/release-notes.html">Release
Notes for Vaadin @version-minor@.0</a>.
</p>
-
+
+ <!-- ================================================================ -->
+ <h3 id="security-fixes">Security fixes in Vaadin Framework 7.1.11</h3>
+
+ <p>
+ Vaadin 7.1.11 fixes two security issues discovered during internal review.
+ </p>
+ <p><b>Escaping of OptionGroup item icon URLs</b></p>
+ <p>
+ The issue affects OptionGroup with item icons. Proper escaping of the
+ src-attribute on the client side was not ensured when using icons for
+ OptionGroup items. This could potentially, in certain situations, allow
+ a malicious user to inject content, such as javascript, in order to
+ perform a cross-site scripting (XSS) attack.
+ </p>
+ <p>
+ In order for an application to be vulnerable, user provided input must
+ be used to form a URL used to display an icon for an OptionGroup item,
+ when showing that Option Group to other users.<br/>
+ The vulnerability has been classified as moderate, due to it's limited
+ application.
+ </p>
+ <p><b>Escaping of URLs in Util.getAbsoluteUrl()</b></p>
+ <p>
+ The client side Util.getAbsoluteUrl() did not ensure proper escaping
+ of the given URL. This could potentially, in certain situations, allow
+ a malicious user to inject content, such as javascript, in order to
+ perform a cross-site scripting (XSS) attack.
+ </p>
+ <p>
+ The method is used internally by the framework in such a manner that it
+ is unlikely this attack vector can be utilized in practice. However,
+ third party components, or future use of the method, could make an
+ attack viable.<br/>
+ The vulnerability has been classified as moderate, due to it's limited
+ application.
+ </p>
+
<h3 id="changelog">Change log for Vaadin @version@</h3>
<p>This release includes the following closed issues:</p>
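Review bot: the new heading hardcodes "Security fixes in Vaadin Framework 7.1.11" while the surrounding template uses the @version@ and @version-minor@ placeholders (see the "Release Notes for Vaadin @version-minor@.0" link two lines above the insertion), so the section will read as stale or contradictory when these notes are rebuilt for a later version; either switch to the placeholder or state explicitly that the fixes first shipped in 7.1.11 and remain in this release. Two wording fixes in the same hunk: "due to it's limited application" appears twice and should be "due to its limited application", and "Option Group" in the OptionGroup paragraph should be "OptionGroup" as the rest of the text spells it. Both fix descriptions state the precondition for exploitation (user-provided input forming an OptionGroup icon URL; the client-side Util.getAbsoluteUrl() not escaping its argument) but not which earlier versions are affected, which is the first thing a reader deciding whether to upgrade will look for; adding the affected range, or a pointer to where it is published, would make the section self-contained.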