From dabb96c04cf2050c867dab9889f32ebec36bd021 Mon Sep 17 00:00:00 2001
From: Jonatan Kronqvist <jonatan.kronqvist@itmill.com>
Date: Wed, 28 Sep 2011 10:42:06 +0000
Subject: Added mention of security fixes in release notes

svn changeset:21406/svn branch:6.7
---
 WebContent/release-notes.html | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'WebContent/release-notes.html')

diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html
index 97a1d6020a..6bf511c2da 100644
--- a/WebContent/release-notes.html
+++ b/WebContent/release-notes.html
@@ -43,6 +43,8 @@
 		<ul>
 			<li><a href="#overview">Package contents</a>
 			</li>
+			<li><a href="#security-fixes">Security fixes in Vaadin @version@</a>
+			</li>
 			<li><a href="#enhancements">Enhancements in Vaadin @version@</a>
 			</li>
 			<li><a href="#fixes">Fixes in Vaadin @version@</a>
@@ -83,6 +85,14 @@
 			</ul>
 		</p>
 
+		<h2 id="security-fixes">Security fixes in Vaadin @version@</h2>
+		<p>Vaadin @version@ incorporates fixes for the following security issues:</p>
+    <ul>
+        <li><a href="http://dev.vaadin.com/ticket/7669">#7669</a> CSRF/XSS vulnerability through separator injection</li>
+        <li><a href="http://dev.vaadin.com/ticket/7670">#7670</a> Directory traversal vulnerability</li>
+        <li><a href="http://dev.vaadin.com/ticket/7671">#7671</a> Contributory XSS: Possibility to inject HTML/JavaScript in system error messages</li>
+        <li><a href="http://dev.vaadin.com/ticket/7672">#7672</a> Contributory XSS: possibility for injection in certain components</li>
+    </ul>
 
 		<h2 id="enhancements">Enhancements in Vaadin @version@</h2>
 		<p>
-- 
cgit v1.2.3