From f1fcaedbd23bfd3afd5d1db200b72dbda1992e3c Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Thu, 23 Feb 2017 20:33:44 -0500 Subject: Avoid potential XSS in Gantt chart --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index eaa964bc..8a10517f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,7 +42,11 @@ Bug fixes: Security: * Fix XSS in LetterAvatarProvider (render broken image) -* Avoid potential XSS in project overview when listing users (was avoided by default CSP rules) + +Those issues are harmless if you use default Kanboard settings for CSP rules: + +* Avoid potential XSS in project overview when listing users +* Avoid potential XSS in Gantt chart Version 1.0.39 (Feb 12, 2017) ----------------------------- -- cgit v1.2.3
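Review bot: In the Security section of this ChangeLog hunk, the added line "Those issues are harmless if you use default Kanboard settings for CSP rules:" is ambiguous about what it covers and stronger than it should be. "Those" can be read as pointing back at the LetterAvatarProvider entry above it as well as at the two bullets below, and "harmless" can be taken to mean the fixes are optional. Suggest wording such as "The following issues are mitigated by the default Kanboard CSP rules:" so it is clear that only the project overview and Gantt chart entries are meant, and that an installation with customised CSP settings should not treat them as harmless. The new Gantt chart bullet also gives less detail than its neighbour ("in project overview when listing users"); naming the affected field or view would help administrators judge their exposure.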