From 007d5b048d061266c696c5b72c6c4530382351a0 Mon Sep 17 00:00:00 2001 From: Matt Westcott Date: Thu, 7 Mar 2024 14:54:35 +0000 Subject: [PATCH] Release note for #11735 --- CHANGELOG.txt | 1 + CONTRIBUTORS.md | 1 + docs/releases/6.1.md | 1 + 3 files changed, 3 insertions(+) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 047a6b8df4..ff9d66a133 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -31,6 +31,7 @@ Changelog * Docs: Fix formatting of `--purge-only` in `wagtail_update_image_renditions` management command section (Pranith Beeram) * Docs: Update template components documentation to better explain the usage of the Laces library (Tibor Leupold) * Docs: Update Sphinx theme to `6.3.0` with a fix for the missing favicon (Sage Abdullah) + * Docs: Document risk of XSS attacks on document upload (Matt Westcott, with thanks to Georgios Roumeliotis of TwelveSec for the original report) * Maintenance: Move RichText HTML whitelist parser to use the faster, built in `html.parser` (Jake Howard) * Maintenance: Remove duplicate 'path' in default_exclude_fields_in_copy (Ramchandra Shahi Thakuri) * Maintenance: Update unit tests to always use the faster, built in `html.parser` & remove `html5lib` dependency (Jake Howard) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 16d1bb9d72..0ca7ddd1aa 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -806,6 +806,7 @@ * Pranith Beeram * Maranda Provance * Mark Niehues +* Georgios Roumeliotis ## Translators diff --git a/docs/releases/6.1.md b/docs/releases/6.1.md index 6a29d606a1..718c617251 100644 --- a/docs/releases/6.1.md +++ b/docs/releases/6.1.md 
@@ -48,6 +48,7 @@ depth: 1 * Fix formatting of `--purge-only` in [`wagtail_update_image_renditions`](wagtail_update_image_renditions) management command section (Pranith Beeram) * Update [template components](creating_template_components) documentation to better explain the usage of the Laces library (Tibor Leupold) * Update Sphinx theme to `6.3.0` with a fix for the missing favicon (Sage Abdullah) + * Document risk of XSS attacks on document upload (Matt Westcott, with thanks to Georgios Roumeliotis of TwelveSec for the original report) ### Maintenance
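Review bot: In the CHANGELOG.txt hunk, the added `Docs:` entry does not tell the reader that this is a documentation-only change describing a risk site owners may need to act on. Listed after the Sphinx theme entry among routine docs fixes, a security-relevant item is easy to overlook. Consider wording that makes clear no behaviour changed and that points to where the guidance on document uploads lives.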
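Review bot: In the docs/releases/6.1.md hunk, the added bullet carries no link to the documentation it announces, while the neighbouring bullets link their targets, for example `[template components](creating_template_components)`. Add a reference to the section that documents the XSS risk on document upload so readers of the release notes can reach the guidance directly.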