diff options
author | Florian Bruhin <git@the-compiler.org> | 2018-06-21 21:45:43 +0200 |
---|---|---|
committer | Florian Bruhin <git@the-compiler.org> | 2018-06-21 21:45:43 +0200 |
commit | b4de889df9ad14d89a1fe28ac54270a21a239082 (patch) | |
tree | 5faa55971ef6ff610f0e4b174ed2401f15c7468c | |
parent | 4c9360237f186681b1e3f2a0f30c45161cf405c7 (diff) | |
download | qutebrowser-b4de889df9ad14d89a1fe28ac54270a21a239082.tar.gz qutebrowser-b4de889df9ad14d89a1fe28ac54270a21a239082.zip |
Update changelog
-rw-r--r-- | doc/changelog.asciidoc | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc index fe331fbf4..3ea80be50 100644 --- a/doc/changelog.asciidoc +++ b/doc/changelog.asciidoc @@ -15,6 +15,26 @@ breaking changes (such as renamed commands) can happen in minor releases. // `Fixed` for any bug fixes. // `Security` to invite users to upgrade in case of vulnerabilities. +v1.3.3 +------ + +Security +~~~~~~~~ + +- An XSS vulnerability on the `qute://history` page allowed websites to inject + HTML into the page via a crafted title tag. This could allow them to steal + your browsing history. If you're currently unable to upgrade, avoid using + `:history`. + +Fixed +~~~~~ + +- Crash in a workaround for a Qt 5.11 bug in rare circumstances. +- Workaround for a Qt bug which preserves searches between page loads. +- In v1.3.2 a dependency on the `PyQt5.QtQuickWidgets` module was accidentally + introduced. Since that module isn't packaged everywhere, it's been removed + again. + v1.3.2 ------ |