Avoid potential XSS in Gantt chart

2017-02-23 20:33:44 -05:00
parent daaf32beb5
commit f1fcaedbd2
3 changed files with 22 additions and 11 deletions
--- a/6
+++ b/6
@@ -42,7 +42,11 @@ Bug fixes:
 Security:

 * Fix XSS in LetterAvatarProvider (render broken image)
-* Avoid potential XSS in project overview when listing users (was avoided by default CSP rules)
+
+Those issues are harmless if you use default Kanboard settings for CSP rules:
+
+* Avoid potential XSS in project overview when listing users
+* Avoid potential XSS in Gantt chart

 Version 1.0.39 (Feb 12, 2017)
 -----------------------------