diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 047a6b8df4b5..ff9d66a1339f 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -31,6 +31,7 @@ Changelog * Docs: Fix formatting of `--purge-only` in `wagtail_update_image_renditions` management command section (Pranith Beeram) * Docs: Update template components documentation to better explain the usage of the Laces library (Tibor Leupold) * Docs: Update Sphinx theme to `6.3.0` with a fix for the missing favicon (Sage Abdullah) + * Docs: Document risk of XSS attacks on document upload (Matt Westcott, with thanks to Georgios Roumeliotis of TwelveSec for the original report) * Maintenance: Move RichText HTML whitelist parser to use the faster, built in `html.parser` (Jake Howard) * Maintenance: Remove duplicate 'path' in default_exclude_fields_in_copy (Ramchandra Shahi Thakuri) * Maintenance: Update unit tests to always use the faster, built in `html.parser` & remove `html5lib` dependency (Jake Howard) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 16d1bb9d723f..0ca7ddd1aa8a 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -806,6 +806,7 @@ * Pranith Beeram * Maranda Provance * Mark Niehues +* Georgios Roumeliotis ## Translators diff --git a/docs/releases/6.1.md b/docs/releases/6.1.md index 6a29d606a1ab..718c617251ec 100644 --- a/docs/releases/6.1.md +++ b/docs/releases/6.1.md @@ -48,6 +48,7 @@ depth: 1 * Fix formatting of `--purge-only` in [`wagtail_update_image_renditions`](wagtail_update_image_renditions) management command section (Pranith Beeram) * Update [template components](creating_template_components) documentation to better explain the usage of the Laces library (Tibor Leupold) * Update Sphinx theme to `6.3.0` with a fix for the missing favicon (Sage Abdullah) + * Document risk of XSS attacks on document upload (Matt Westcott, with thanks to Georgios Roumeliotis of TwelveSec for the original report) ### Maintenance