From a27f58396b31a0514dc60256047aaaffe1b7b048 Mon Sep 17 00:00:00 2001
From: Erik Michelson <github@erik.michelson.eu>
Date: Thu, 10 Apr 2025 00:17:33 +0200
Subject: [PATCH] docs: update release notes

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
---
 public/docs/release-notes.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/public/docs/release-notes.md b/public/docs/release-notes.md
index a3c89730d..13ae57213 100644
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -4,6 +4,12 @@
 
 ## <i class="fa fa-tag"></i> 1.10.3 <i class="fa fa-calendar-o"></i> 2025-04-09
 
+### Security fixes
+
+This release fixes a security issue of a possible XSS exploit which can be planted via a malicous SVG file upload.
+
+See [GHSA-3983-rrqh-mvx5](https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-3983-rrqh-mvx5) for more details
+
 ### Enhancements
 - Add config options `CMD_SAML_WANT_ASSERTIONS_SIGNED` and `CMD_SAML_WANT_AUTHN_RESPONSE_SIGNED` for SAML auth, since
   some instances didn't comply with the new defaults of `@node-saml/passport-saml`