Merge pull request #1375 from hedgedoc/feature/yeet_google_analytics

2021-06-08 14:54:03 +02:00
parent 2cecb9184b 5e771c2f65
commit 960f5c1b22
5 changed files with 51 additions and 14 deletions
--- a/public/docs/release-notes.md
+++ b/public/docs/release-notes.md
@@ -1,4 +1,12 @@
 # Release Notes
+## <i class="fa fa-tag"></i> 1.9.0 <i class="fa fa-calendar-o"></i> UNRELEASED
+### Security Fixes
+- This release removes Google Analytics and Disqus domains from our default Content Security Policy, because
+  they were repeatedly used to exploit security vulnerabilities.  
+  If you want to continue using Google Analytics or Disqus, you can re-enable them in the config.
+  See [the docs](https://docs.hedgedoc.org/configuration/#web-security-aspects) for details.
+  
+
 ## <i class="fa fa-tag"></i> 1.8.2 <i class="fa fa-calendar-o"></i> 2021-05-11

 This release fixes two security issues. We recommend upgrading as soon as possible.