Release note for wagtail#11735

Stormheg · Mar 7, 2024 · 007d5b0 · 007d5b0
1 parent 92d1ff5
commit 007d5b0
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -31,6 +31,7 @@ Changelog
  * Docs: Fix formatting of `--purge-only` in `wagtail_update_image_renditions` management command section (Pranith Beeram)
  * Docs: Update template components documentation to better explain the usage of the Laces library (Tibor Leupold)
  * Docs: Update Sphinx theme to `6.3.0` with a fix for the missing favicon (Sage Abdullah)
+ * Docs: Document risk of XSS attacks on document upload (Matt Westcott, with thanks to Georgios Roumeliotis of TwelveSec for the original report)
  * Maintenance: Move RichText HTML whitelist parser to use the faster, built in `html.parser` (Jake Howard)
  * Maintenance: Remove duplicate 'path' in default_exclude_fields_in_copy (Ramchandra Shahi Thakuri)
  * Maintenance: Update unit tests to always use the faster, built in `html.parser` & remove `html5lib` dependency (Jake Howard)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
@@ -806,6 +806,7 @@
 * Pranith Beeram
 * Maranda Provance
 * Mark Niehues
+* Georgios Roumeliotis
 
 ## Translators
 

diff --git a/docs/releases/6.1.md b/docs/releases/6.1.md
@@ -48,6 +48,7 @@ depth: 1
  * Fix formatting of `--purge-only` in [`wagtail_update_image_renditions`](wagtail_update_image_renditions) management command section (Pranith Beeram)
  * Update [template components](creating_template_components) documentation to better explain the usage of the Laces library (Tibor Leupold)
  * Update Sphinx theme to `6.3.0` with a fix for the missing favicon (Sage Abdullah)
+ * Document risk of XSS attacks on document upload (Matt Westcott, with thanks to Georgios Roumeliotis of TwelveSec for the original report)
 
 
 ### Maintenance