mirror of
https://github.com/vector-im/element-web.git
synced 2024-11-15 20:54:59 +08:00
Prepare changelog for v1.7.22
This commit is contained in:
parent
f94f97d83a
commit
594c07b2d9
17
CHANGELOG.md
17
CHANGELOG.md
@ -1,3 +1,20 @@
|
||||
Changes in [1.7.22](https://github.com/vector-im/element-web/releases/tag/v1.7.22) (2021-03-01)
|
||||
===============================================================================================
|
||||
[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.22-rc.1...v1.7.22)
|
||||
|
||||
## Security notice
|
||||
|
||||
Element Web 1.7.22 fixes (by upgrading to matrix-react-sdk 3.15.0) a low
|
||||
severity issue (CVE-2021-21320) where the user content sandbox can be abused to
|
||||
trick users into opening unexpected documents. The content is opened with a
|
||||
`blob` origin that cannot access Matrix user data, so messages and secrets are
|
||||
not at risk. Thanks to @keerok for responsibly disclosing this via Matrix's
|
||||
Security Disclosure Policy.
|
||||
|
||||
## All changes
|
||||
|
||||
* Upgrade to React SDK 3.15.0 and JS SDK 9.8.0
|
||||
|
||||
Changes in [1.7.22-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.22-rc.1) (2021-02-24)
|
||||
=========================================================================================================
|
||||
[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.21...v1.7.22-rc.1)
|
||||
|
Loading…
Reference in New Issue
Block a user