1 files changed, 37 insertions, 0 deletions

diff --git a/docs/_posts/2019-04-29-v2.6.md b/docs/_posts/2019-04-29-v2.6.md
new file mode 100644
index 000000000..6e74b87f5
--- /dev/null
+++ b/docs/_posts/2019-04-29-v2.6.md
@@ -0,0 +1,37 @@
+---
+layout: post
+title: Version 2.6
+author: matthew
+---
+
+<div class="r" align="right">
+<img src="/assets/posts/v2.6-image.jpeg" alt="">
+Image &copy; <a href="https://twitter.com/StillWalkers">Ben Waddington</a>
+</div>
+
+Today we have released **version 2.6** of FixMyStreet.
+
+This release fixes a cross-site scripting security issue where someone could
+create a report through the site with a specially constructed query parameter,
+and then viewing that report on the admin report edit page would allow the
+report creator to run their own JavaScript. We have also released version 2.5.1
+which is identical to 2.5 including this fix.
+
+There's a new, optional, feature to auto-suggest similar nearby problems while
+reporting, to discourage duplicate reports; and the map state is now updated in
+the URL to make sharing links easier. A bit more work has been done on
+moderation, spotting conflicts and showing moderation history to staff on
+report pages, as well as in the admin.
+
+Mostly this release is bugfixes, please see the
+[changelog](https://github.com/mysociety/fixmystreet/releases/tag/v2.6) for
+full details.
+
+## Upgrading
+
+The admin body and user sections have been refactored – if you have custom
+templates/code, you may need to update links to those.
+
+If you wish the default for the showname checkbox to be checked, you can add
+`sub default_show_name { 1 }` to your cobrand file.
+