1.7.1-ls1
·
240 commits
to main
since this release
LinuxServer Changes:
Initial release
hedgedoc Changes:
This release fixes two security issues. We recommend upgrading as soon as possible.
Security Fixes
- CVE-2020-26286: Arbitrary file upload
An unauthenticated attacker can upload arbitrary files to the upload storage backend. - CVE-2020-26287: Stored XSS in mermaid diagrams
An attacker can inject arbitrary script tags in HedgeDoc notes using mermaid diagrams.