author | ᴜɴᴋɴᴡᴏɴ <u@gogs.io> | 2020-03-23 22:18:05 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-23 22:18:05 +0800 |
commit | e14b6abf9dae13bc087c9d9db8fe7c7a5125c792 (patch) | |
tree | 0faf250433a7efe177ecccc7b86784d841898eff /CHANGELOG.md | |
parent | 740f814ce0b07237e4886a8723e3f2b129d3ea42 (diff) |
http: always set header `X-Content-Type-Options` to `nosniff` (#6008)
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 49c9c6a0..28aad8d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -42,6 +42,7 @@ All notable changes to Gogs are documented in this file. - [Security] Potential XSS attack via `.ipynb`. [#5170](https://github.com/gogs/gogs/issues/5170) - [Security] Potential SSRF attack via webhooks. [#5366](https://github.com/gogs/gogs/issues/5366) - [Security] Potential CSRF attack in admin panel. [#5367](https://github.com/gogs/gogs/issues/5367) +- [Security] Potential stored XSS attack in some browsers. [#5397](https://github.com/gogs/gogs/issues/5397) - [Security] Potential RCE on mirror repositories. [#5767](https://github.com/gogs/gogs/issues/5767) - [Security] Potential XSS attack with raw markdown API. [#5907](https://github.com/gogs/gogs/pull/5907) - Open/close milestone redirects to a 404 page. [#5677](https://github.com/gogs/gogs/issues/5677) |
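Review bot: the added entry (new line 45, "Potential stored XSS attack in some browsers") does not name the mitigation, so a reader of the changelog cannot connect it to the header change described in the commit subject. Consider wording such as "- [Security] Potential stored XSS attack in some browsers, `X-Content-Type-Options: nosniff` is now always set. [#5397](https://github.com/gogs/gogs/issues/5397)", so operators know which response header to look for when confirming the fix on their deployment. Separately, the diffstat here is limited to CHANGELOG.md, so the code that sets the header is not visible in this view and cannot be checked against the "always" in the subject line.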