mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-09 05:41:57 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs: update release notes
Some checks failed
Build & run tests / Node 20 (push) Has been cancelled
Details
Build & run tests / Node 22 (push) Has been cancelled
Details
Lint / Lint files (push) Has been cancelled
Details
Build & run tests / Node 18 (push) Has been cancelled
Details

Browse source 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2025-04-10 00:17:33 +02:00
parent ce66f33a6d
commit a27f58396b
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
public/docs/release-notes.md
View file

@ -4,6 +4,12 @@
## <i class="fa fa-tag"></i> 1.10.3 <i class="fa fa-calendar-o"></i> 2025-04-09
### Security fixes
This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.
See [GHSA-3983-rrqh-mvx5](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-3983-rrqh-mvx5) for more details
### Enhancements
- Add config options `CMD_SAML_WANT_ASSERTIONS_SIGNED` and `CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED` for SAML auth, since
some instances didn't comply with the new defaults of `@node-saml/passport-saml`