Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index f85991373..387d90114 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ ## Releases * Unreleased + - Security: + - Fix XSS vulnerability in pagination page number. + - Rotate session ID after successful login. - Front end improvements: - Improved 403 message, especially for private reports. #2511 - Mobile users can now filter the pins on the `/around` map view. #2366 @@ -57,6 +60,7 @@ - Sass variables for default link colour and decoration. - Make contact edit note optional on staging sites. - Store email addresses report sent to on the report. + - Add configuration for setting Content-Security-Policy header. - Open311 improvements: - Support use of 'private' service definition <keywords> to mark reports made in that category private. #2488 |
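Review bot: In the first hunk (@@ -1,6 +1,9 @@), the two new entries under "Security:" carry no issue or pull request reference, while the neighbouring entries do (#2511, #2366). Add a reference to each so that operators can find the fix and judge whether their deployed version is affected. "Rotate session ID after successful login." would also read better if it named what it mitigates (session fixation), and the XSS entry if it said which pagination parameter or template was involved.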
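Review bot: In the second hunk (@@ -57,6 +60,7 @@), "Add configuration for setting Content-Security-Policy header." names neither the configuration option nor its default. State the setting name and whether the header is sent when the option is unset, since an operator reading the changelog cannot tell if upgrading changes behaviour. The entry also sits in a different list from the "Security:" group introduced in the first hunk; consider cross-referencing it there so the security-relevant changes can be found in one place.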