summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBernhard Posselt <dev@bernhard-posselt.com>2016-05-10 17:45:11 +0200
committerBernhard Posselt <dev@bernhard-posselt.com>2016-05-10 17:45:11 +0200
commit47ef2acea37313b7b3ebd53e4350eb720e282757 (patch)
tree43ed8e5e0c1cbecabe5dae360e39bc24fafed138
parentfb26d79255dd1558cf6bdafd697a4f4bd788e5d1 (diff)
fix changelog link8.7.5
-rw-r--r--CHANGELOG.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8c587a472..b791675ad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,5 @@
owncloud-news (8.7.5)
-* **Security (High)**: Fix security bug that would allow websites to access your DOM document when using keyboard shortcuts to open an article in a new tab, downloading audio files, opening links on the explore page or opening links to the ownCloud documentation (News app versions prior to 5.0.0 are also vulnerable when clicking on any link in the title or article body). This gives any attacker access to all data on the DOM and allows them to make arbitrary requests to the ownCloud server on the user's behalf, bypassing CSRF protection and gaining full access to their account by stealing their login cookies. For a more detailed explanation [visit this website](https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c#.h55ny7ef0)
+* **Security (High)**: Fix security bug that would allow websites to access your DOM document when using keyboard shortcuts to open an article in a new tab, downloading audio files, opening links on the explore page or opening links to the ownCloud documentation or issue tracker (News app versions prior to 5.0.0 are also vulnerable when clicking on any link in the title or article body). This gives any attacker access to all data on the DOM and allows them to make arbitrary requests to the ownCloud server on the user's behalf, bypassing CSRF protection and gaining full access to their account by stealing their login cookies. For a more detailed explanation [visit this website](https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c#.h55ny7ef0)
owncloud-news (8.7.4)
* **Bugfix**: Fix expand in compact view mode, #988