author: Frederic Guillot <fred@kanboard.net> 2017-02-23 20:33:44 -0500
committer: Frederic Guillot <fred@kanboard.net> 2017-02-23 20:33:44 -0500
commit: f1fcaedbd23bfd3afd5d1db200b72dbda1992e3c
tree: ed2ebafde73d9f5b75a8ff916f7b55d201cca024 /ChangeLog
parent: daaf32beb5bb80d0f6ec06dd3df845b66c9aa7bd
Avoid potential XSS in Gantt chart
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 6
1 files changed, 5 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index eaa964bc..8a10517f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -42,7 +42,11 @@ Bug fixes:
Security:
* Fix XSS in LetterAvatarProvider (render broken image)
-* Avoid potential XSS in project overview when listing users (was avoided by default CSP rules)
+
+Those issues are harmless if you use default Kanboard settings for CSP rules:
+
+* Avoid potential XSS in project overview when listing users
+* Avoid potential XSS in Gantt chart
Version 1.0.39 (Feb 12, 2017)
-----------------------------
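Review bot: The added lead-in "Those issues are harmless if you use default Kanboard settings for CSP rules:" states only the safe case. It should also say that installations which relaxed or replaced the default CSP rules are exposed and need this release, since those are the readers the Security section is written for. "harmless" is also a stronger claim than the removed "(was avoided by default CSP rules)"; wording such as "mitigated by the default CSP rules" would keep the meaning of the entry it replaces. The new grouping leaves it implicit that "Fix XSS in LetterAvatarProvider", which sits above the sentence, is not covered by the CSP caveat; a short label on that first group would remove the ambiguity. Minor: "Those" should read "These" or "The following".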