added 0.4 to changelog

author: Micah Lee <micah@micahflee.com> 2014-08-20 17:47:07 -0700
committer: Micah Lee <micah@micahflee.com> 2014-08-20 17:47:07 -0700
commit: b946c2f20adc813deec66f62e4fede79356429d2 (patch)
tree: 01c30466e933e62b563d7fd9db2272a9a2734edf /CHANGELOG.md
parent: 428447690261968af19808c1c887ebd488fd0bd1 (diff)
download: onionshare-b946c2f20adc813deec66f62e4fede79356429d2.tar.gz
onionshare-b946c2f20adc813deec66f62e4fede79356429d2.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b634ca18..3ff9e7e6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,14 @@
 # OnionShare Changelog
 
+## 0.4
+
+* Fixed critical XSS bug that could deanonymize user
+  https://micahflee.com/2014/07/security-advisory-upgrade-to-onionshare-0-4-immediately/
+* Added CSP headers in GUI to prevent any future XSS bugs from working
+* Hash urandom data before using it, to avoid leaking state of entropy
+* Constant time compare the slug to avoid timing attacks
+* Cleaned up Tails firewall code
+
 ## 0.3
 
 * Built a simple, featureful cross-platform GUI
author	Micah Lee <micah@micahflee.com>	2014-08-20 17:47:07 -0700
committer	Micah Lee <micah@micahflee.com>	2014-08-20 17:47:07 -0700
commit	b946c2f20adc813deec66f62e4fede79356429d2 (patch)
tree	01c30466e933e62b563d7fd9db2272a9a2734edf /CHANGELOG.md
parent	428447690261968af19808c1c887ebd488fd0bd1 (diff)
download	onionshare-b946c2f20adc813deec66f62e4fede79356429d2.tar.gz onionshare-b946c2f20adc813deec66f62e4fede79356429d2.zip