diff options
author | Jonatan Kronqvist <jonatan.kronqvist@itmill.com> | 2011-09-28 10:42:06 +0000 |
---|---|---|
committer | Jonatan Kronqvist <jonatan.kronqvist@itmill.com> | 2011-09-28 10:42:06 +0000 |
commit | dabb96c04cf2050c867dab9889f32ebec36bd021 (patch) | |
tree | 08d162c8fd5f6eee920827b4651439609fc43564 /WebContent/release-notes.html | |
parent | d46f904fd4633100ad189f49a97bbc139de4846f (diff) | |
download | vaadin-framework-dabb96c04cf2050c867dab9889f32ebec36bd021.tar.gz vaadin-framework-dabb96c04cf2050c867dab9889f32ebec36bd021.zip |
Added mention of security fixes in release notes6.7.0.rc1
svn changeset:21406/svn branch:6.7
Diffstat (limited to 'WebContent/release-notes.html')
-rw-r--r-- | WebContent/release-notes.html | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html index 97a1d6020a..6bf511c2da 100644 --- a/WebContent/release-notes.html +++ b/WebContent/release-notes.html @@ -43,6 +43,8 @@ <ul> <li><a href="#overview">Package contents</a> </li> + <li><a href="#security-fixes">Security fixes in Vaadin @version@</a> + </li> <li><a href="#enhancements">Enhancements in Vaadin @version@</a> </li> <li><a href="#fixes">Fixes in Vaadin @version@</a> @@ -83,6 +85,14 @@ </ul> </p> + <h2 id="security-fixes">Security fixes in Vaadin @version@</h2> + <p>Vaadin @version@ incorporates fixes for the following security issues:</p> + <ul> + <li><a href="http://dev.vaadin.com/ticket/7669">#7669</a> CSRF/XSS vulnerability through separator injection</li> + <li><a href="http://dev.vaadin.com/ticket/7670">#7670</a> Directory traversal vulnerability</li> + <li><a href="http://dev.vaadin.com/ticket/7671">#7671</a> Contributory XSS: Possibility to inject HTML/JavaScript in system error messages</li> + <li><a href="http://dev.vaadin.com/ticket/7672">#7672</a> Contributory XSS: possibility for injection in certain components</li> + </ul> <h2 id="enhancements">Enhancements in Vaadin @version@</h2> <p> |