-rw-r--r-- WebContent/release-notes.html 10
1 files changed, 10 insertions, 0 deletions
diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html
index 97a1d6020a..6bf511c2da 100644
--- a/WebContent/release-notes.html
+++ b/WebContent/release-notes.html
@@ -43,6 +43,8 @@
<ul>
<li><a href="#overview">Package contents</a>
</li>
+ <li><a href="#security-fixes">Security fixes in Vaadin @version@</a>
+ </li>
<li><a href="#enhancements">Enhancements in Vaadin @version@</a>
</li>
<li><a href="#fixes">Fixes in Vaadin @version@</a>
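Review bot: the new table-of-contents entry for `#security-fixes` is added unconditionally, while the heading text uses the `@version@` placeholder, which suggests this file is reused for every release. A release with no security fixes would then carry a TOC link to a section that is either empty or stale. Consider a comment next to this `<li>` saying that it and the `security-fixes` section must be removed or refreshed together for each release.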
@@ -83,6 +85,14 @@
</ul>
</p>
+ <h2 id="security-fixes">Security fixes in Vaadin @version@</h2>
+ <p>Vaadin @version@ incorporates fixes for the following security issues:</p>
+ <ul>
+ <li><a href="http://dev.vaadin.com/ticket/7669">#7669</a> CSRF/XSS vulnerability through separator injection</li>
+ <li><a href="http://dev.vaadin.com/ticket/7670">#7670</a> Directory traversal vulnerability</li>
+ <li><a href="http://dev.vaadin.com/ticket/7671">#7671</a> Contributory XSS: Possibility to inject HTML/JavaScript in system error messages</li>
+ <li><a href="http://dev.vaadin.com/ticket/7672">#7672</a> Contributory XSS: possibility for injection in certain components</li>
+ </ul>
<h2 id="enhancements">Enhancements in Vaadin @version@</h2>
<p>
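Review bot: the four entries in the new `security-fixes` list give only a ticket link and a title, so a reader cannot tell from the release notes which earlier versions are affected or whether upgrading alone is sufficient. For the two "Contributory XSS" items (#7671, #7672) in particular, one sentence on whether application code needs to change would help, since the titles imply the issue depends on how the application uses the framework. The ticket numbers are also hardcoded under a heading that uses `@version@`, so this list has to be edited by hand for the next release. The ticket links use `http://`; if the tracker is reachable over HTTPS, prefer that for links published in security notes.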