diff options
author | Florian Bruhin <me@the-compiler.org> | 2020-05-07 16:39:47 +0200 |
---|---|---|
committer | Florian Bruhin <me@the-compiler.org> | 2020-05-07 16:39:47 +0200 |
commit | 76e5951133a0b354f431a184b0a344d39ddad5c0 (patch) | |
tree | db2b9a5013401a27859da8349a5dc7cadb2eab8c | |
parent | 8c6cab6bc918fe3647b18ce90828d04589109c9b (diff) | |
download | qutebrowser-76e5951133a0b354f431a184b0a344d39ddad5c0.tar.gz qutebrowser-76e5951133a0b354f431a184b0a344d39ddad5c0.zip |
Update changelog from master
-rw-r--r-- | doc/changelog.asciidoc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc index 3c438f6fc..41e873866 100644 --- a/doc/changelog.asciidoc +++ b/doc/changelog.asciidoc @@ -21,11 +21,11 @@ v1.11.1 (unreleased) Security ~~~~~~~~ -- After a certificate error was overridden by the user, qutebrowser displays - the URL as yellow (`colors.statusbar.url.warn.fg`). However, when the - affected website was subsequently loaded again, the URL was mistakenly - displayed as green (`colors.statusbar.url.success_https`). While the user - already has seen a certificate error prompt at this point (or set +- CVE-2020-11054: After a certificate error was overridden by the user, + qutebrowser displays the URL as yellow (`colors.statusbar.url.warn.fg`). + However, when the affected website was subsequently loaded again, the URL was + mistakenly displayed as green (`colors.statusbar.url.success_https`). While + the user already has seen a certificate error prompt at this point (or set `content.ssl_strict` to `false` which is not recommended), this could still provide a false sense of security. This is now fixed. |