From 594c07b2d919b4d044161ff0a983f1576817204a Mon Sep 17 00:00:00 2001 From: RiotRobot Date: Mon, 1 Mar 2021 13:18:18 +0000 Subject: [PATCH] Prepare changelog for v1.7.22 --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ee1105c3b3..9893a4b7b8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +Changes in [1.7.22](https://github.com/vector-im/element-web/releases/tag/v1.7.22) (2021-03-01) +=============================================================================================== +[Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.22-rc.1...v1.7.22) + +## Security notice + +Element Web 1.7.22 fixes (by upgrading to matrix-react-sdk 3.15.0) a low +severity issue (CVE-2021-21320) where the user content sandbox can be abused to +trick users into opening unexpected documents. The content is opened with a +`blob` origin that cannot access Matrix user data, so messages and secrets are +not at risk. Thanks to @keerok for responsibly disclosing this via Matrix's +Security Disclosure Policy. + +## All changes + + * Upgrade to React SDK 3.15.0 and JS SDK 9.8.0 + Changes in [1.7.22-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.22-rc.1) (2021-02-24) ========================================================================================================= [Full Changelog](https://github.com/vector-im/element-web/compare/v1.7.21...v1.7.22-rc.1)
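Review bot: In the "Security notice" paragraph, CVE-2021-21320 is named without a link to an advisory and without the range of earlier releases that are affected, so someone reading the changelog cannot tell from it whether their deployment needs this upgrade. Consider linking the CVE identifier to its advisory and stating the affected versions. The "All changes" entry lists JS SDK 9.8.0 alongside React SDK 3.15.0, while the notice attributes the fix only to matrix-react-sdk 3.15.0. A short note on that list entry saying which upgrade carries the security fix would keep the two sections consistent.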