From 77843135b0c73a5da8994704e10571982c4c9d1a Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Thu, 18 Apr 2024 21:57:53 +0200 Subject: [PATCH] slight wording change and most serious fix first --- RELEASE-NOTES.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 836c52ee9..0c51bcec9 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -13,11 +13,11 @@ $ git clone https://codeberg.org/forgejo/forgejo $ git -C forgejo log --oneline --no-merges v1.21.10-0..v1.21.11-0 ``` -This stable release contains bug fixes and a **security fix**. +This stable release contains bug fixes and **security fixes**. * Recommended Action - We recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. + We strongly recommend that all Forgejo installations are [upgraded](https://forgejo.org/docs/v1.21/admin/upgrade/) to the latest version as soon as possible. * [Forgejo Semantic Version](https://forgejo.org/docs/v1.21/user/semver/) @@ -25,8 +25,8 @@ This stable release contains bug fixes and a **security fix**. * Security fix - * [Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run from the same domain as the forge](https://codeberg.org/forgejo/forgejo/commit/8dcc7d9e8ce36d94bae1a1becddc4735f51add3c), via `/{owner}/{repo}/render/branch/{branch}/{filename}` URLs. * [Fixed a privilege escalation through git push options](https://codeberg.org/forgejo/forgejo/commit/cc80e661531794fff7f8a336eaaefdb7e3bd3956) that allows any user to change the visibility of any repository they can see, regardless of their level of access. + * [Fixed a bug that allows user-supplied, non-sandboxed JavaScript to be run from the same domain as the forge](https://codeberg.org/forgejo/forgejo/commit/8dcc7d9e8ce36d94bae1a1becddc4735f51add3c), via `/{owner}/{repo}/render/branch/{branch}/{filename}` URLs. * Bug fixes
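Review bot: in the first hunk (@@ -13,11 +13,11 @@), the strengthened recommendation still points only at "the latest version", which gives an admin nothing concrete to check against. The `git log` range in the context lines ends at v1.21.11-0, so consider naming that version in the sentence. Also consider tying the word "strongly" to the security fixes listed further down, so the reason for the urgency is stated where the action is requested.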
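Review bot: in the second hunk (@@ -25,8 +25,8 @@), the unchanged context line `* Security fix` stays singular even though the list under it has two entries and this same commit changes the intro to "**security fixes**". Change the heading to `* Security fixes` so the two agree. The subject line says the most serious fix goes first, but the release notes themselves do not say the list is ordered by severity. A short note on the privilege escalation entry, or on the heading, would make that ordering visible to readers who never see the commit message.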