From 7c4b72e820ba2a04aaf3b4389714c30bfa284bcd Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <dev@bernhard-posselt.com>
Date: Mon, 2 Feb 2015 23:23:30 +0100
Subject: only allow iframe https content

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9819fd641..e02ffe224 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+owncloud-news (5.2.2)
+* **Security**: Only allow YouTube and Vimeo to embed iframes if they use HTTPS to prevent mixed active content iframe attacks
+
 owncloud-news (5.2.1)
 * **Bugfix**: Fix admin settings by using the correct config path
 
-- 
cgit v1.2.3